How to configure FTP server in CentOS 6.3 – vsftpd server
vsftpd, which stands for “Very Secure FTP Daemon”, is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
vsftpd is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.
This tutorial is applicable to all CentOS and Red Hat servers (CentOS 3, 4, 5 and 6).
In this post I will show you how to configure a vsftpd server and how a system user can log in to the FTP server.
By default, the user logs in to their home directory on the server.
FTP protocol ports: 20 and 21
We will only edit the /etc/vsftpd/vsftpd.conf file. We are not editing any other file related to the vsftpd package.
This procedure was tested on a freshly installed CentOS 6.3 system with the following details:
Operating System : CentOS release 6.3 (Final)
Kernel : Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
vsftpd rpm package : vsftpd-2.2.2-11.el6.i686
Selinux : On
This is my server information:
[root@localhost vsftpd]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
[root@localhost vsftpd]# uname -ar
Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
[root@localhost vsftpd]# rpm -qa|grep vsftpd
vsftpd-2.2.2-11.el6.i686
[root@localhost vsftpd]# getenforce
Enforcing
[root@localhost vsftpd]#
Now let's start working on the vsftpd server.
Step 1: Install the vsftpd package on the server.
yum install -y vsftpd
Step 2: Take a backup of the original vsftpd.conf file. (It is good practice to keep a backup of the original file.)
cd /etc/vsftpd
cp -p vsftpd.conf vsftpd.conf.orig
Step 3: I edited only one value: anonymous_enable=YES was changed to anonymous_enable=NO.
Step 4: After this change, only the parameters shown below are uncommented in the vsftpd.conf file.
Note: the command egrep -v "^#|^$" vsftpd.conf prints only the active lines of vsftpd.conf. The -v option inverts the match, so lines starting with # (comments, matched by ^#) and blank lines (matched by ^$) are left out.
(Read about regex for these symbols; I will explain this in a different post.)
[root@localhost vsftpd]# egrep -v "^#|^$" vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@localhost vsftpd]#
Step 5: Allow users to log in to their home directories by turning on the ftp_home_dir SELinux boolean. SELinux itself stays in Enforcing mode; only this one boolean is changed.
[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
[root@localhost vsftpd]# setsebool -P ftp_home_dir on
[root@localhost vsftpd]#
[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
[root@localhost vsftpd]#
Step 6: Edit the iptables file to make the firewall setting permanent.
Allow ports 21 and 20 for the FTP server.
After editing, restart iptables.
[root@localhost sysconfig]# cd /etc/sysconfig
[root@localhost sysconfig]# cp -p iptables iptables.orig
[root@localhost sysconfig]# cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT
COMMIT
[root@localhost sysconfig]# /etc/init.d/iptables restart
Start the vsftpd server:
[root@localhost ~]# /etc/init.d/vsftpd start
Step 7: Create a user on the server and set its password.
useradd test
passwd test
Step 8: Now try to log in from an FTP client.
From Linux, use the command:
ftp server_ip
Give the user name and password.
From Windows: FileZilla or any other Windows FTP client.
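Once the steps above are done, the Step 4 settings can be checked mechanically instead of by eye. The following script is an added example, not part of the original post: the function names (effective_conf, audit_conf, sample_conf), the choice of baseline options and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit vsftpd.conf against the
# access-related values shown in the Step 4 output.
BASELINE='anonymous_enable=NO local_enable=YES write_enable=YES userlist_enable=YES tcp_wrappers=YES'

# Same filter as the tutorial: drop comment lines and blank lines.
effective_conf() { grep -Ev '^#|^$' "$1"; }

# Prints one line per deviation; returns non-zero if any were found.
audit_conf() {
    effective_conf "$1" | awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, item, " ")
            for (i = 1; i <= n; i++) { split(item[i], kv, "="); want[kv[1]] = kv[2] }
        }
        # vsftpd.conf(5): no space is allowed between option, "=" and value.
        /[ \t]=|=[ \t]/ { print "SPACE_AROUND_EQUALS " $0; bad = 1; next }
        {
            eq = index($0, "=")
            if (eq == 0) { print "NOT_KEY_VALUE " $0; bad = 1; next }
            have[substr($0, 1, eq - 1)] = substr($0, eq + 1)   # later lines override
        }
        END {
            for (k in want) {
                # A missing line falls back to the built-in default, which for
                # anonymous_enable is YES, so "commented out" is not "NO".
                if (!(k in have)) { print "MISSING " k " want=" want[k]; bad = 1 }
                else if (have[k] != want[k]) { print "MISMATCH " k "=" have[k] " want=" want[k]; bad = 1 }
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: anonymous_enable commented out, write_enable changed,
# and one line with spaces around "=".
sample_conf() {
    cat <<'EOF'
#anonymous_enable=NO
local_enable = YES
write_enable=NO
userlist_enable=YES
tcp_wrappers=YES
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_conf "$tmp" || echo "vsftpd.conf deviates from the tutorial baseline"
rm -f "$tmp"
```

On a real server, run audit_conf /etc/vsftpd/vsftpd.conf and treat any output as something to review before starting the service.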
For reference, the other important files shown below were not edited.
[root@localhost vsftpd]# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#
[root@localhost vsftpd]# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#
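How the two list files above decide a login, as an added example that is not part of the original post. The function names and the sample files are constructed; the defaults used (userlist_enable=NO, userlist_deny=YES) are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the original post): decide whether vsftpd's list
# files would let a user log in. Paths are parameters so the logic can be
# exercised on copies of the real files.

# Last value of option $2 in config $1, or default $3 when it is not set.
conf_get() {
    v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    echo "${v:-$3}"
}

# True if user $1 appears as a whole line in list file $2 (comments ignored).
in_list() { grep -v '^#' "$2" | grep -qxF -- "$1"; }

# Usage: ftp_login_check USER VSFTPD_CONF USER_LIST FTPUSERS
# Prints the decision and returns 0 (allowed) or 1 (denied).
ftp_login_check() {
    user=$1 conf=$2 user_list=$3 ftpusers=$4
    # ftpusers is enforced by the default vsftpd PAM config.
    if in_list "$user" "$ftpusers"; then
        echo "denied: listed in ftpusers"; return 1
    fi
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            # Default mode: user_list is a deny list (no password prompt).
            if in_list "$user" "$user_list"; then
                echo "denied: listed in user_list"; return 1
            fi
        elif ! in_list "$user" "$user_list"; then
            # userlist_deny=NO turns user_list into an allow list.
            echo "denied: not in user_list (allow-list mode)"; return 1
        fi
    fi
    echo "allowed"
}

# Constructed sample files that mirror the tutorial's setup.
d=$(mktemp -d)
printf '%s\n' 'userlist_enable=YES' > "$d/vsftpd.conf"
printf '%s\n' '# vsftpd userlist' root bin daemon > "$d/user_list"
printf '%s\n' '# Users that are not allowed to login via ftp' root bin > "$d/ftpusers"
ftp_login_check test "$d/vsftpd.conf" "$d/user_list" "$d/ftpusers"
ftp_login_check root "$d/vsftpd.conf" "$d/user_list" "$d/ftpusers" || true
rm -rf "$d"
```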
Deba says
When I am trying to connect through FileZilla it says that error.
Response: 500 OOPS: cannot change directory:/home/deb
This article is applicable for public ftp configure.
Or I need anything.
Please let me know.
Saqib Hashmi says
Dear,
I followed your tutorial and I have the same system config as you have …!!
I am using VirtualBox: CentOS 6.3 final etc,
as a client I have Windows 7 and XP
Client software: FileZilla & WinSCP
After this configuration, when I am trying to connect with
WinSCP: FTP Port 21
ip=192.168.0.110
user name: saqib
password: saqib
it shows error: Timeout detected, could not retrieve directory Listing, Error listing directory ‘/Home’/saqib’.
Please help ….!!
And after that, how to put a quota or limited hard disk space for each client?
sharad chhetri says
Hello Saqib,
Share the vsftpd.conf file details.
Meanwhile, check SELinux and iptables.
I need the output of the commands given below:
(1) egrep -v '^#|^$' vsftpd.conf
(2) ls -ld /home/saqib
(3) getenforce
(4) iptables -nL
(5) On the Windows machine, open cmd and type the command: telnet give-samba-server-ip 21
Thomas says
Hi,
Do you know how to restrict the user to its home directory only? chroot_local_user seems just fine for ftp access over a web browser, however, when connecting by sFTP via Filezilla or TotalCommander, the user can browse up however they like …
People say it’s a bug ;/
Did you manage to jail a user to its home directory on CentOS?
Regards,
Thomas
sharad chhetri says
Hello Thomas,
FTP and SFTP use different port numbers.
FTP uses port no. 20 and 21,
whereas SFTP uses port no. 22, which is by default the known port no. for SSH. If you want SFTP to be set up, it has no relationship with any FTP settings.
I am working on your SFTP setup.
Thanks to you as well, because I forgot to write about this topic in my blog.
Lisa says
Hello,
I followed those steps and can see the link. I can click through and seem to have read access to the wordpress files, but I can’t upload or make changes.
Any advice would be great!
Thanks,
Lisa
sharad chhetri says
Hello Lisa,
The tutorial is about how a user can log in to its home directory and upload/download in that home directory (i.e. /home/username).
As per your question, you are trying to access the WordPress application directory, and I assume you have installed it in /var/www or /var/www/html. In this case the scenario is different. Let me know the complete scenario and details. The task is achievable.
Share the vsftpd.conf file and the path where WordPress is installed.
graham says
Thanks for the info. I have FTP access on a user I created on my CentOS VPS. However, it is not good enough for my WordPress install to upgrade and install plugins etc. The user I created needs to access www/html.
I can't find any good tut like this one on how to do this.
Could you tell me the process please?
Thanks,
Graham.
sharad chhetri says
Hello Graham,
You can achieve this by creating a symlink (soft link) in the user’s home directory.
For example:
FTP user name: graham
Steps to follow:
step 1: cd /home/graham
step 2: ln -s /var/www/html html
Now when you log in with the FTP user called graham, you can see the html symlink.
Let me know whether you are able to upload or download files, then I will tell you about the next step.
Follow the steps given above; if you find any issue, let me know.
stephen says
I only see the pub folder by your instruction.
sharad chhetri says
Check the vsftpd.conf file again,
check the values given below:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES