
How to set up vsftpd FTP server on CentOS 6

This tutorial will guide you through the process of setting up vsftpd to allow a user to upload files to his or her home directory using FTP.

Prerequisites

All commands in this guide are to be performed by a user with root privileges. To elevate privileges use:

sudo su -

Check values of the SELinux policy booleans related to FTP:

getsebool -a | egrep 'ftp_home_dir|passive|ftpd_full_access'

If the values are 'off':

allow_ftpd_full_access --> off
ftp_home_dir --> off
ftpd_use_passive_mode --> off

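Set them to 'on' by executing the commands below. Note that allow_ftpd_full_access lets the FTP daemon read and write every file that ordinary file permissions allow, a much broader grant than ftp_home_dir:

setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on
setsebool -P ftpd_use_passive_mode on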

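Edit the iptables config (/etc/sysconfig/iptables) to open the FTP-specific TCP ports. The rules are written for the server side, so port 21 is matched as the destination of inbound packets; place them above any final REJECT rule in the filter table:

/etc/sysconfig/iptables
# Allow FTP control connections to port 21
-A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT

# Allow Active FTP Connections (the server opens the data channel from port 20)
-A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow Passive FTP Connections (the client opens the data channel to a high port)
# RELATED only matches FTP data connections when the nf_conntrack_ftp helper module is loaded
-A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT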

Apply changes:

iptables-restore /etc/sysconfig/iptables

Installation of vsftpd

Install vsftpd from the standard CentOS repo:

yum install vsftpd -y

Configuration of vsftpd

After installation, edit /etc/vsftpd/vsftpd.conf according to your needs. We recommend you make the following changes:

/etc/vsftpd/vsftpd.conf
# Controls whether anonymous logins are permitted or not. If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.
anonymous_enable=NO

# Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd (or wherever your PAM config references) may be used to log in. This must be enabled for any non-anonymous login to work, including virtual users.
local_enable=YES

# This controls whether any FTP commands which change the filesystem are allowed or not. These commands are: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
write_enable=YES

# If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login.
chroot_local_user=YES

# The value that the umask for file creation is set to for local users.
local_umask=022

# If activated, files and directories starting with . will be shown in directory listings even if the "a" flag was not used by the client.
force_dot_files=YES

# If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file.
userlist_enable=YES

# This option is examined if userlist_enable is activated. If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file. When login is denied, the denial is issued before the user is asked for a password.
userlist_deny=NO

# This option is the name of the file loaded when the userlist_enable option is active.
userlist_file=/etc/vsftpd.userlist
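
Before starting the service, it is worth confirming that the edited file really yields the settings above, in particular that the user list acts as an allow-list. The script below is an added example, not part of the original tutorial; the function names are hypothetical, and the built-in defaults it falls back to are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values recommended above.

# Print the effective value of option $2 in file $1, or the built-in default
# $3 if the option is unset. Assumes vsftpd applies settings in file order, so
# the last assignment wins; commented-out lines never match because their
# first field starts with '#'.
vsftpd_opt() {
    awk -F'=' -v key="$2" -v def="$3" '
        $1 == key { val = toupper(substr($0, length(key) + 2)) }
        END       { print (val == "" ? def : val) }
    ' "$1"
}

# Print one line per deviation from the recommended value and return the
# number of deviations. Each spec is option:recommended:built-in default.
audit_vsftpd_conf() {
    conf=$1 bad=0
    for spec in anonymous_enable:NO:YES local_enable:YES:NO \
                chroot_local_user:YES:NO userlist_enable:YES:NO \
                userlist_deny:NO:YES; do
        opt=${spec%%:*}; rest=${spec#*:}
        got=$(vsftpd_opt "$conf" "$opt" "${rest#*:}")
        if [ "$got" != "${rest%%:*}" ]; then
            echo "DEVIATION $opt=$got (recommended ${rest%%:*})"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Report how vsftpd will treat userlist_file under this configuration.
userlist_mode() {
    if [ "$(vsftpd_opt "$1" userlist_enable NO)" != YES ]; then
        echo ignored        # the file is never consulted
    elif [ "$(vsftpd_opt "$1" userlist_deny YES)" = NO ]; then
        echo allow-list     # only listed users may log in
    else
        echo deny-list      # listed users are refused, unlisted ones are not
    fi
}

# Constructed sample: userlist_deny was forgotten, so the default (YES) applies.
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
    userlist_enable=YES > "$sample"
audit_vsftpd_conf "$sample" || echo "userlist mode: $(userlist_mode "$sample")"
rm -f "$sample"
```

On the real server, run `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` and `userlist_mode /etc/vsftpd/vsftpd.conf` after editing the file.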

Enable the vsftpd service and start it:

chkconfig vsftpd on
service vsftpd start

To allow access to vsftpd from specific IPs only, edit /etc/hosts.allow:

/etc/hosts.allow
vsftpd : 127.0.0.1 : allow
vsftpd : 10.0.0.0/8 : allow
vsftpd : ALL : deny

Use 'ALL' to allow access from any IP:

vsftpd : ALL : allow

User addition

Add a local user with a disabled login shell and the home directory set:

useradd user_name --shell /sbin/nologin --home-dir /path_to_directory

Set password:

passwd user_name

Add the same user to vsftpd's user list:

echo "user_name" | tee -a /etc/vsftpd.userlist

To create a user with the same UID and GID as an existing user, use:

useradd user_name -o -u UID_client -g GID_client --shell /sbin/nologin --home-dir /path_to_directory

You can find UID and GID of an existing user by running:

id user_name
