How to configure FTP server in CentOS 6.3 – vsftpd server
vsftpd, which stands for “Very Secure FTP Daemon”, is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
vsftpd is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.
This tutorial is applicable to all CentOS and Red Hat servers (CentOS 3, 4, 5 and 6).
In this post I will show you how to configure a vsftpd server and how a system user can log in to the FTP server.
By default, the user is placed in their home directory on the server after login.
FTP protocol ports: 20 and 21
We will only edit the /etc/vsftpd/vsftpd.conf file. We are not editing any other file belonging to the vsftpd package.
This procedure was tested on a freshly installed CentOS 6.3 system with the following characteristics:
Operating System : CentOS release 6.3 (Final)
Kernel : Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
vsftpd rpm package : vsftpd-2.2.2-11.el6.i686
Selinux : On
This is my server information:
[root@localhost vsftpd]# cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
[root@localhost vsftpd]# uname -ar
Linux localhost.localdomain 2.6.32-279.el6.i686 #1 SMP Fri Jun 22 10:59:55 UTC 2012 i686 i686 i386 GNU/Linux
[root@localhost vsftpd]# rpm -qa|grep vsftpd
vsftpd-2.2.2-11.el6.i686
[root@localhost vsftpd]# getenforce
Enforcing
[root@localhost vsftpd]#
Now let's start working on the vsftpd server.
Step 1: Install the vsftpd package on the server.
yum install -y vsftpd
Step 2: Take a backup of the original vsftpd.conf file. (It is good practice to keep a backup of the original file.)
cd /etc/vsftpd
cp -p vsftpd.conf vsftpd.conf.orig
Step 3: I changed only one value: anonymous_enable=YES became anonymous_enable=NO.
Step 4: After this change, only the parameters shown below are uncommented in the vsftpd.conf file.
Note: the command egrep -v "^#|^$" vsftpd.conf prints only the active lines of vsftpd.conf, leaving out commented and blank lines. vsftpd uses # for comments, so ^# matches any line starting with #, and ^$ matches an empty line.
(Read about regular expressions for these symbols; I will explain them in a different post.)
[root@localhost vsftpd]# egrep -v "^#|^$" vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@localhost vsftpd]#
Step 5: Allow users to log in to their home directories by turning on the SELinux boolean ftp_home_dir. SELinux stays in enforcing mode; only this one restriction is relaxed.
[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write off
allow_ftpd_full_access off
allow_ftpd_use_cifs off
allow_ftpd_use_nfs off
ftp_home_dir off
ftpd_connect_db off
ftpd_use_passive_mode off
httpd_enable_ftp_server off
tftp_anon_write off
[root@localhost vsftpd]# setsebool -P ftp_home_dir on
[root@localhost vsftpd]#
[root@localhost vsftpd]# getsebool -a|grep ftp
allow_ftpd_anon_write off
allow_ftpd_full_access off
allow_ftpd_use_cifs off
allow_ftpd_use_nfs off
ftp_home_dir on
ftpd_connect_db off
ftpd_use_passive_mode off
httpd_enable_ftp_server off
tftp_anon_write off
[root@localhost vsftpd]#
Step 6: Edit the iptables file to make the firewall setting permanent.
Allow ports 21 and 20 for the FTP server.
After editing, restart iptables.
[root@localhost sysconfig]# cd /etc/sysconfig
[root@localhost sysconfig]# cp -p iptables iptables.orig
[root@localhost sysconfig]# cat iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT
COMMIT
[root@localhost sysconfig]# /etc/init.d/iptables restart
Start the vsftpd server.
[root@localhost ~]# /etc/init.d/vsftpd start
Step 7: Create a user on the server and set its password.
useradd test
passwd test
Step 8: Now try to log in from an FTP client.
From Linux: use the command
ftp server_ip
Give the user name and password.
From Windows: use FileZilla or any other Windows FTP client.
For reference, the other important files listed below were not edited.
[root@localhost vsftpd]# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#
[root@localhost vsftpd]# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@localhost vsftpd]#
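The active settings from Step 4 and the userlist_deny behaviour described in the user_list comments can be checked mechanically. The script below is an added example, not part of the original post: it reads the active lines of a vsftpd.conf and reports settings worth a second look, falling back to vsftpd's built-in defaults for keys the file does not set. The function names and the embedded sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): audit the active vsftpd.conf settings.

# Constructed sample: the active lines from Step 4 plus a comment and a blank line.
sample_conf() {
    cat <<'EOF'
# Example config file /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF
}

# Print the effective value of KEY, or DEFAULT when no active line sets it.
# Same filter as Step 4: commented and blank lines are ignored.
conf_get() {  # usage: conf_get FILE KEY DEFAULT
    local val
    val=$(awk -F= -v k="$2" '/^#/ || /^$/ { next } $1 == k { v = $2 } END { print v }' "$1")
    echo "${val:-$3}"
}

# Print one finding per line; the fallback values are vsftpd's built-in defaults.
audit_vsftpd_conf() {  # usage: audit_vsftpd_conf FILE
    local f=$1
    [ "$(conf_get "$f" anonymous_enable YES)" = "NO" ] ||
        echo "FAIL anonymous_enable: anonymous logins are allowed"
    [ "$(conf_get "$f" ssl_enable NO)" = "YES" ] ||
        echo "WARN ssl_enable: passwords and files cross the network in cleartext"
    [ "$(conf_get "$f" chroot_local_user NO)" = "YES" ] ||
        echo "WARN chroot_local_user: users can browse outside their home directory"
    if [ "$(conf_get "$f" userlist_enable NO)" = "YES" ] &&
       [ "$(conf_get "$f" userlist_deny YES)" = "YES" ]; then
        echo "INFO userlist_deny: user_list is a deny list; all other accounts may log in"
    fi
    return 0
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_vsftpd_conf "$tmp"
rm -f "$tmp"
```

On the configuration from Step 4 this prints two WARN lines and one INFO line; a file in which anonymous_enable is only commented out is reported as FAIL, because vsftpd's default for that key is YES.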