This tutorial shows the installation of vsftpd (VerySecureFtpDeamon) on Linux to act as a FTP server. It supports some features as SSL and locking users to their home directories.
These instructions are intended specifically for installing the vsfptd on CentOS/Rhel.
yum install vsftpd
Start and set the vsftpd service to start at boot
systemctl start vsftpd
systemctl enable vsftpd
Edit the configuration file:
Modify the following directives:
#Disallow anonymous login
#Allow local users to login
#Isolate users to their home folder. Local users will be denied access to any other part of the server
If you want to disable FTP Upload and just allow Download:
Restart the service and verify its status
systemctl restart vsftpd
systemctl status vsftpd
Add a ftp user
By default root-user is not allowed to login to ftp server for security purposes. So let’s create a new user.
Users that are not allowed to login via ftp are listed in this file: /etc/vsftpd/ftpusers
Modify homedir for ftp user
You can modify the homedir of the ftp user, for example to the document-root folder of a website:
usermod -d /path/to/website/ ftp_user
Add the ftp user to, for example, the Apache group to get necessary permissions on the document-root of the website.
usermod -a -G apache ftp_user
Verify group membership of the ftp user
Be sure firewall exemptions are made to allow ftp access (port 21) to the server.
In case of IPtables:
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp –sport 20 -j ACCEPT
in case of FirewallD:
firewall-cmd –permanent –add-port=21/tcp
If the user cannot change to his homedir, update SELinux configuration:
setsebool -P ftp_home_dir on
Warning: FTP data is insecure; traffic is not encrypted, and all transmissions are clear text (including usernames, passwords, commands, and data). Consider securing your FTP connection with SSL/TLS.