

If you are going to set up a user-based FTP service where each person accessing your system has a valid login name and password, you must create an account for each user in the /etc/passwd file, just as you would if they were direct users of the Linux system. To set up an anonymous FTP server, you must create a login for the anonymous user ID. This is done in the normal way, by adding a user to the /etc/passwd file. The login name should be the name you want people to use when they access your system. Usually this name is “anonymous” or “ftp.” You need to select a login directory for the anonymous user that can be protected from the rest of the file system. A typical /etc/passwd entry looks like this:


ftp:*:400:51:Anonymous FTP access:/usr/ftp:/bin/false

This sets up the anonymous user with a login of ftp. The asterisk in the password field prevents anyone from gaining access to the account. The user ID number (400) is unique to the system. The group ID (51) shows the group the ftp login belongs to.

For better security, it is a good idea to create a separate group just for anonymous FTP access (edit the /etc/group file to add a new group), then set the FTP user to that group. Only the anonymous FTP user should belong to that group, as it can be used to set file permissions to restrict access and make your system more secure. The login directory in the example above is /usr/ftp, although you can choose any directory as long as it belongs to the anonymous FTP user (for security reasons, again). The startup program shown in the above example is /bin/false, which helps protect your system from access to accounts and utilities that do not have strong password protection.
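One way to check an account against the layout described above, as an added example that is not part of the original text: this Python script reads passwd- and group-format text and reports where the anonymous FTP entry departs from it. Apart from the ftp entry quoted above, the sample file contents, the group name ftponly and the function names are constructed for illustration.

```python
# Constructed sample files: the passwd entry from the text plus invented neighbours.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
ftp:*:400:51:Anonymous FTP access:/usr/ftp:/bin/false
alice:x:501:100:Alice:/home/alice:/bin/sh
"""
SAMPLE_GROUP = """\
users:x:100:alice
ftponly:x:51:
"""

def parse(text, nfields):
    """Split colon-separated passwd/group text into rows of exactly nfields fields."""
    rows = [ln.strip().split(":") for ln in text.splitlines() if ln.strip()]
    bad = [r for r in rows if len(r) != nfields]
    if bad:
        raise ValueError(f"expected {nfields} fields: {bad[0]}")
    return rows

def audit_anon_ftp(passwd_text, group_text, login="ftp"):
    """Return a list of findings; an empty list means the layout matches the text."""
    users, groups = parse(passwd_text, 7), parse(group_text, 4)
    acct = next((u for u in users if u[0] == login), None)
    if acct is None:
        return [f"no passwd entry for {login}"]
    _, pw, uid, gid, _, home, shell = acct
    others = [u for u in users if u[0] != login]
    findings = []
    if pw != "*":  # passwd field only; shadow-password systems keep this elsewhere
        findings.append("password field is not '*'")
    if shell != "/bin/false":
        findings.append(f"login shell is {shell}, not /bin/false")
    if any(u[2] == uid for u in others):
        findings.append(f"UID {uid} is shared with another account")
    sharing = [u[0] for u in others if u[3] == gid]  # same primary group
    grp = next((g for g in groups if g[2] == gid), None)
    if grp is None:
        findings.append(f"GID {gid} has no /etc/group entry")
    else:  # supplementary members listed in the group file
        sharing += [m for m in grp[3].split(",") if m and m != login]
    if sharing:
        findings.append(f"group {gid} is not dedicated: used by {sorted(set(sharing))}")
    if any(u[5] == home for u in others):
        findings.append(f"login directory {home} is shared with another account")
    return findings

if __name__ == "__main__":
    print(audit_anon_ftp(SAMPLE_PASSWD, SAMPLE_GROUP) or "anonymous FTP account matches")
```

To audit a live system, pass the contents of /etc/passwd and /etc/group instead of the sample strings.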

Using FTP

It doesn’t matter whether you are on a Linux system, a UNIX machine, a Windows PC, or a Macintosh. When you are ready to use FTP to transfer files, you start a client FTP software package, specify the name of the remote system you want to connect to, then let the two machines establish an FTP session. After you are connected, you can start transferring files.

Character-based FTP is usually started with the name or IP address of the target machine. GUI-based FTP clients usually display a window first, from which you can select a Connect option or the name or IP address of the remote system from a list. If you use a machine name, such as “darkstar” or “superduck,” the name must be resolvable into an IP address by your system for FTP to connect.

When FTP successfully connects to the remote machine, you normally must be able to log in with a valid user login and password. Some systems allow an anonymous or guest login. On large networks where a system such as Yellow Pages (YP) or Network Information Services (NIS) is used, logins are usually permitted across the network onto most machines. If YP or NIS is not employed on your LAN, you must be in the valid user file of the remote machine to obtain FTP access (except for anonymous FTP, of course). You can log into the remote with a different user ID from your local machine’s login (if there is one). To transfer files from one system to another, you must have proper permissions on both systems.

Here’s a very important point: after logging in using FTP, you are not actually on the remote machine. You are still logically on your client machine, and all instructions for file transfers and directory movement are with respect to your local machine and not the remote one. This is the opposite of Telnet, a difference that causes considerable confusion among newcomers to FTP and Telnet.


Warning:  
Remember that all references to files and directories are relative to the machine that initiated the FTP session. If you are not careful, you can accidentally overwrite existing files.

Connecting with FTP

To connect, you need a login and password for the remote machine (the server), and your local machine must be ready to run FTP (the client). The appearance of the screens and the prompts that you see from the remote machine vary considerably, depending on the operating system and FTP software each system is running.

On a UNIX or Linux system, and many DOS TCP/IP systems, you can start FTP with the name of the remote system or its IP address. When the character-based FTP client is started with the IP address of the remote machine, you are connected after a user ID and password are supplied.

