Tuncay Sahin

ICT Engineer | Docent ICT & Trainer

This tutorial shows how to install vsftpd (Very Secure FTP Daemon) on Linux to act as an FTP server. It supports features such as SSL and locking users to their home directories.

These instructions are intended specifically for installing vsftpd on CentOS/RHEL.

Install VSFtpD

yum install vsftpd

Start the vsftpd service and enable it to start at boot

systemctl start vsftpd
systemctl enable vsftpd

Configure VSFtpD

Edit the configuration file:

vi /etc/vsftpd/vsftpd.conf

Modify the following directives:

#Disallow anonymous login
anonymous_enable=NO
#Allow local users to login
local_enable=YES
#Isolate users to their home folder. Local users will be denied access to any other part of the server
chroot_local_user=YES

If you want to disable FTP Upload and just allow Download:

write_enable=NO

Restart the service and verify its status

systemctl restart vsftpd
systemctl status vsftpd

Add an FTP user

By default, the root user is not allowed to log in to the FTP server for security reasons, so let's create a new user.
Users that are not allowed to log in via FTP are listed in this file: /etc/vsftpd/ftpusers

adduser ftp_user
passwd ftp_user

Modify homedir for ftp user

You can modify the homedir of the ftp user, for example to the document-root folder of a website:

usermod -d /path/to/website/ ftp_user

Add the ftp user to, for example, the Apache group to get necessary permissions on the document-root of the website.

usermod -a -G apache ftp_user

Verify group membership of the ftp user

id ftp_user

Access

Make sure the firewall allows FTP access (port 21) to the server.

In case of IPtables:

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT

In case of FirewallD:

firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --reload

If the user cannot change to their home directory, update the SELinux configuration:

setsebool -P ftp_home_dir on

Warning: FTP data is insecure; traffic is not encrypted, and all transmissions are clear text (including usernames, passwords, commands, and data). Consider securing your FTP connection with SSL/TLS.
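
As an added example (not part of the original tutorial), the shell functions below check a vsftpd.conf for the directives set under "Configure VSFtpD" and flag the missing ssl_enable that the warning above refers to. The function names and the sample file are constructed for illustration; the fallback values are the defaults documented in vsftpd.conf(5), and treating the last occurrence of a directive as the effective one is an assumption.

```shell
# Added example, not from the original tutorial; function names are hypothetical.

# Effective value of a directive: the last "name=value" line (assumption),
# upper-cased, or the given default when absent. Commented-out lines never
# match because their first field starts with '#'.
vsftpd_get() (
    value=$(awk -F= -v key="$2" '$1 == key { v = $2 } END { print v }' "$1" |
        tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${value:-$3}"
)

# Prints one line per directive; exit status 1 if a FAIL-level check misses.
# Table columns: level, directive, wanted value, default from vsftpd.conf(5).
vsftpd_audit() (
    status=0
    while read -r level name want fallback; do
        got=$(vsftpd_get "$1" "$name" "$fallback")
        if [ "$got" = "$want" ]; then
            echo "OK   $name=$got"
        else
            echo "$level $name=$got (want $want)"
            if [ "$level" = FAIL ]; then status=1; fi
        fi
    done <<'EOF'
FAIL anonymous_enable NO YES
FAIL local_enable YES NO
FAIL chroot_local_user YES NO
WARN write_enable NO NO
WARN ssl_enable YES NO
EOF
    exit "$status"
)

# Constructed sample: the tutorial's directives, plus a later line that
# turns anonymous login back on.
sample_conf() {
    cat <<'EOF'
#Disallow anonymous login
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
write_enable=NO
anonymous_enable=YES
EOF
}

# Demo on the sample; on a real host pass /etc/vsftpd/vsftpd.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
vsftpd_audit "$tmp" || echo "audit: at least one FAIL"
rm -f "$tmp"
```

On the sample, the audit reports a FAIL for anonymous_enable (the later line overrides the earlier one) and a WARN for ssl_enable, which is absent and therefore falls back to NO.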
