This tutorial shows the installation of vsftpd (VerySecureFtpDeamon) on Linux to act as a FTP server. It supports some features as SSL and locking users to their home directories.
These instructions are intended specifically for installing the vsfptd on CentOS/Rhel.
Install VSFtpD
yum install vsftpd
Start and set the vsftpd service to start at boot
systemctl start vsftpd
systemctl enable vsftpd
Configure VSFtpD
Edit the configuration file:
vi /etc/vsftpd/vsftpd.conf
Modify the following directives:
#Disallow anonymous login
anonymous_enable=NO
#Allow local users to login
local_enable=YES
#Isolate users to their home folder. Local users will be denied access to any other part of the server
chroot_local_user=YES
If you want to disable FTP Upload and just allow Download:
write_enable=NO
Restart the service and verify its status
systemctl restart vsftpd
systemctl status vsftpd
Add a ftp user
By default root-user is not allowed to login to ftp server for security purposes. So let’s create a new user.
Users that are not allowed to login via ftp are listed in this file: /etc/vsftpd/ftpusers
adduser ftp_user
passwd ftp_user
Modify homedir for ftp user
You can modify the homedir of the ftp user, for example to the document-root folder of a website:
usermod -d /path/to/website/ ftp_user
Add the ftp user to, for example, the Apache group to get necessary permissions on the document-root of the website.
usermod -a -G apache ftp_user
Verify group membership of the ftp user
id ftp_user
Access
Be sure firewall exemptions are made to allow ftp access (port 21) to the server.
In case of IPtables:
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp –sport 20 -j ACCEPT
in case of FirewallD:
firewall-cmd –permanent –add-port=21/tcp
firewall-cmd –reload
If the user cannot change to his homedir, update SELinux configuration:
setsebool -P ftp_home_dir on
Warning: FTP data is insecure; traffic is not encrypted, and all transmissions are clear text (including usernames, passwords, commands, and data). Consider securing your FTP connection with SSL/TLS.