Anonymous FTP

From DreamHost
Jump to: navigation, search

Overview

Anonymous FTP is an FTP service that does not require a unique username and password to log in. Any user can log in using the username "anonymous" and typically use their email address as the password. Some anonymous FTP services allow the password field to be left blank. DreamHost allows this feature on anonymous FTP as well.

In comparison to a standard FTP user created in the panel, an anonymous FTP user is generally used to upload/download content to a directory on your domain defined by you when setting up the service. This service can be very useful if you require multiple users to upload/download files from your domain.

Keep in mind – anonymous FTP is ideal for providing users access to files that are public on your domain and should not be used to access any of your web applications.

Note2 icon.png Notes: Before setting up the service you will need the following:


Setting up an Anonymous FTP service

  1. Navigate to the (Panel > ‘Domains’ > ‘Anonymous FTP’) page.
  2. Select your domain from the dropdown menu.
    01 Anonymous FTP.fw.png
  3. Click the Continue button.
    Note2 icon.png Note: If your user has Enhanced User Security enabled, clicking the Continue button throws an error. You must disable it for your user before you continue with this setup.


    The Configuring Anonymous FTP setup screen opens:
    02 Anonymous FTP.fw.png
  4. Enter the following information:
    • Location on server: Select which user account you want it hosted under and the directory name where the anonymous FTP service files will be hosted.
    • Restrict Uploads To: Select the maximum amount of disk space that will be allowed for this service.
    • Unique IP: You must purchase a Unique IP for this domain to use this service.
  5. Click the Add Anonymous FTP Now! button to continue.
    A Success message appears after you successfully add an Anonymous FTP:
    03 Anonymous FTP.fw.png
  6. Read carefully the information presented on the "Success" screen.

Editing permissions

04 Anonymous FTP.fw.png

To the right of your Anonymous FTP service, click the Edit button under the ‘Actions’ column.

05 Anonymous FTP.fw.png

Each directory has a specific set of permissions applied to it to restrict what users can do within that directory. The definition for each permission are as following:

Users can:

  • RETR – download files
  • LIST – view the directories contents
  • CD – change directories
  • STOR – upload files
  • DELETE – delete files
  • RENAME – rename files
Important icon.png Important: It's very important to set up the permissions correctly or you could inadvertently allow your anonymous FTP service to become abused by hackers. If a new Anonymous FTP service is exposed, hackers can test it for vulnerabilities by attempting to upload a file then download it again (the default configuration does allow that). If successful, hackers can upload all of their illegal files to your site and give out the address of your anonymous FTP service to anyone.


The screenshot above shows a basic configuration in order to prevent an attempt to maliciously use the anonymous FTP service. Of course, you can modify it to meet your needs later, but this is an example on how to keep it safe.

This configuration allows users to "RETR" download files that are placed into the /(root) directory but can only "STOR" upload files into the /incoming directory. Since they cannot download files uploaded into the /incoming directory, you're safe. However, this may not meet your requirements . You should experiment with the configuration until you find one that works best for your needs.

Usage

Once you have defined all your directory permissions for anonymous FTP users, your standard FTP/Shell user still have access to manage all files where you have set up the anonymous FTP service.

For example, using the Basic Configuration mentioned above, your standard FTP/Shell user can view/download/delete/move any uploaded files in ‘incoming’ and even move them to /(root). The FTP/Shell user is essentially the “file manager” for the Anonymous FTP service.

An important note about making changes to directories

Although you can manage files using your FTP client when logged in as the FTP user that is hosting your Anonymous FTP service, DO NOT MAKE, DELETE, OR RENAME DIRECTORIES! Those functions should ONLY be done through the (Panel > ‘Domains’ > ‘Anonymous FTP’) page.

Any editing done through an FTP client for Anonymous FTP directories can cause problems with directives and permissions.

See also