How to configure FTP server in CentOS 6.3 – vsftpd server

vsftpd, which stands for “Very Secure FTP Daemon”,vsftp is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
vsftpd is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.

This tutorial is applicable to all CentOS and Red Hat server. (CentOS 3,4,5 and 6) .
In this post I will show you how to configure a vsftpd server and how the system user can login in ftp server.
The user will bydefault login into its home directory in Server.

FTP protocol: 20 and 21

We will only edit the /etc/vsftpd/vsftpd.conf file. We are not editing any other file related to vsftpd package.

Before this the practical has been tested in freshly installed CentOS 6.3 with the given below features –

Operating System : CentOS release 6.3 (Final)
Kernel : Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
vsftpd rpm package : vsftpd-2.2.2-11.el6.i686
Selinux : On

This is my server information:

[root@localhost vsftpd]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel r on an m

[root@localhost vsftpd]# uname -ar
Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
[root@localhost vsftpd]# rpm -qa|grep vsftpd
vsftpd-2.2.2-11.el6.i686
[root@localhost vsftpd]# getenforce
Enforcing
[root@localhost vsftpd]#

Now start working on vsftp server.

Step 1: Install vsftpd package in server.

yum install -y vsftpd

Step 2: Now take the backup of original vsftpd.conf file .(It is good practice to keep backup of original file)

cd /etc/vsftpd
cp -p vsftpd.conf vsftpd.conf.orig

Step 3 : I have edited only this value anonymous_enable=YES and made as anonymous_enable=NO

Step 4: Now in vsftpd.conf file only the given below parameters are uncommented.

Note: command egrep -v “^#|^$” vsftpd.conf helps to find only uncommented line and blank line in vsftpd.conf file. In vsftpd we use # to comment hence ^# is used for any line starting with #.
(Read about REGEX for these symbols 🙂 , I will explain this in different post.)

[root@localhost vsftpd]# egrep -v "^#|^$" vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@localhost vsftpd]#

Step 5:Allowing user to login at its home directory through disabling selinux for particular requirement.

[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write  off
allow_ftpd_full_access  off
allow_ftpd_use_cifs  off
allow_ftpd_use_nfs off
ftp_home_dir  off
ftpd_connect_db  off
ftpd_use_passive_mode  off
httpd_enable_ftp_server  off
tftp_anon_write  off
[root@localhost vsftpd]# setsebool -P ftp_home_dir on
[root@localhost vsftpd]# 
[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write  off
allow_ftpd_full_access  off
allow_ftpd_use_cifs  off
allow_ftpd_use_nfs  off
ftp_home_dir  on
ftpd_connect_db  off
ftpd_use_passive_mode  off
httpd_enable_ftp_server  off
tftp_anon_write  off
[root@localhost vsftpd]#

Step 6: Edit the iptable file for permanent setting.
Allowing the port no. 21 and 20 for ftp Server.
After editing restart the iptable.

[root@localhost sysconfig]#cd /etc/sysconfig
[root@localhost sysconfig]#cp -p iptables iptables.orig

[root@localhost sysconfig]# cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT
COMMIT
[root@localhost sysconfig]# /etc/init.d/iptables restart

Start the vsftp server

[root@localhost ~]# /etc/init.d/vsftpd start

Step 7: Create a user in server and set its password.

useradd test
passwd test

Step 8: now try to login from ftp client.

from linux : use the command

ftp server_ip

. Give user name and password.
from windows : filezilla or any other windows ftp client.

For given below reference there was no editing in other important file.

[root@localhost vsftpd]# cat ftpusers 
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#

[root@localhost vsftpd]# cat user_list 
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#

Read Some More Articles

11 Comments

  1. when i am trying to connect through filezilla it says that error.

    Response: 500 OOPS: cannot change directory:/home/deb

    this article is applicable for public ftp configure.
    or i need anything.
    please let me know.

  2. Dear,

    i followed you tutorial and i have the same system config as you have …!!
    i am using Virtual BOX: centos 6.3 final etc,

    as a client i have windows 7, and XP

    Client software: Filezilla & WinSCP

    after this configuration when i am trying to connect with

    WinSCP: FTP Port 21
    ip=192.168.0.110
    user name: saqib
    password: saqib

    it shows error: Timeout detected, could not retrieve directory Listing, Error listing directory ‘/Home’/saqib’.

    Please Help ….!!

    and after that how to put quota or limited hard disk space for each client ?

    1. Hello Saqib,

      Share the vsftpd.conf file,details.
      Meanwhile,check the SELINUX and IPTABLES

      I need following output of below given command –

      (1) egrep -v ‘^#|^$’ vsftpd.conf

      (2) ls -ld /home/saqib

      (3) getenforce

      (4) iptables -nL

      (5) in Windows machine, open the cmd and type command , telnet give-samba-server-ip 21

  3. Hi,
    Do you know how to restrict the user to its home directory only? chroot_local_user seems just fine for ftp access over a web browser, however, when connecting by sFTP via Filezilla or TotalCommander, the user can browse up however they like …

    People say it’s a bug ;/
    Did you manage to jail a user to its home directory on centOS ?

    Regards,
    Thomas

    1. Hello Thomas,

      FTP and SFTP both uses different port no.
      FTP uses the port no. 20 and 21
      Wheres SFTP uses port no. 22 ,the port no. 22 by-default known port no. for SSH.If you want the SFTP should be setup it has no relationship with any FTP settings.
      I am working on your SFTP setup.

      Thanks to you as well because this topic I forgot to write in my blog.

  4. Hello,

    I followed those steps and can see the link. I can click through and seem to have read access to the wordpress files, but I can’t upload or make changes.

    Any advice would be great!

    Thanks,

    Lisa

    1. Hello Lisa,
      The tutorial is about user can login in its home directory and can do upload/download at their home directory (i.e /home/username).
      As per your question you are trying to access wordpress application directory and I assume you have installed it in /var/www or /var/www/html . In this case the scenario is different. Let me know the complete scenario and details.The task is achievable.
      Share the vsftpd.conf file and the path where the wordpress is installed.

  5. Thanks for the info, I have ftp access on a user I created on my Centos VPS, However it is not good enough for my wordpress install to upgrade and install plugins etc. My user I created needs to access www/html .
    I cant find ant good tut like this one on how to do this.
    Could you tell me the process please?
    Thanks,
    Graham.

    1. Hello Graham,

      You can achieve this by creating a symlink or softlink in user’s home directory.
      For eg.
      ftp user name : graham

      steps to follow:

      step 1: cd /home/graham

      step 2: ln -s /var/www/html html

      Now when you login with ftp user called graham, you can see html symlink.

      Let me know are you able to upload or download the files then I will tell you about next step.
      follow the above given steps, if find any issue let me know.

        1. check vsftpd.conf file again,
          check below given values

          anonymous_enable=NO
          local_enable=YES
          write_enable=YES
          local_umask=022
          dirmessage_enable=YES
          xferlog_enable=YES
          connect_from_port_20=YES
          xferlog_std_format=YES
          listen=YES
          pam_service_name=vsftpd
          userlist_enable=YES
          tcp_wrappers=YES

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.