VSftpd is an FTP server for Linux.
According to its authors, it is very secure, stable and fast.
In this article, I’ll show how to install and configure the VSftpd FTP server on CentOS / RHEL and how to add a new FTP user.
The FTP protocol is insecure. If possible, use SFTP (Secure FTP), which is built into the OpenSSH SSHD server.
Install the VSftpd Server
Type the following command to install the VSftpd FTP Server:
yum install vsftpd
Back up the default configuration file ‘vsftpd.conf’:
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.back
We also need to install the FTP client, so that we can connect to an FTP server:
yum install ftp
Configure the VSftpd Server
Once the VSftpd Server is installed, you can adjust the basic configuration.
Anonymous FTP is allowed by default. Set anonymous_enable=NO to secure your server.
Open the configuration file:
vi /etc/vsftpd/vsftpd.conf
Make the following changes:
Option | Description |
---|---|
anonymous_enable=NO | Disable anonymous login |
local_enable=YES | Enable local users |
write_enable=YES | Give FTP users permissions to write data |
connect_from_port_20=NO | Port 20 needs to be turned off. This makes VSftpd run less privileged |
chroot_local_user=YES | Chroot everyone |
local_umask=022 | Set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions |
Check the vsftpd.conf man page for all configuration options:
man vsftpd.conf
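To confirm that the edits took effect, the following check compares a vsftpd.conf with the six options in the table above. It is an added example, not part of the original article or the vsftpd project; the function names and the sample file are constructed for illustration, and it assumes that the last occurrence of a repeated option wins.

```shell
# Expected settings, copied from the table in this article.
EXPECTED='anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
local_umask=022'

# Print the value that file $1 sets for option $2, or "(unset)".
# Lines are "option=value" with no spaces around "="; "#" starts a comment.
# Assumption: if an option is repeated, the last occurrence takes effect.
effective_value() {
    awk -F= -v key="$2" '
        /^#/ { next }
        $1 == key { sub(/^[^=]*=/, ""); val = $0; found = 1 }
        END { if (found) print val; else print "(unset)" }
    ' "$1"
}

# Compare file $1 with EXPECTED, printing one line per mismatch.
# Returns 0 when all six options match, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    status=0
    for want in $EXPECTED; do
        key=${want%%=*}
        have=$(effective_value "$conf" "$key")
        if [ "$have" != "${want#*=}" ]; then
            echo "MISMATCH $key: have '$have', want '${want#*=}'"
            status=1
        fi
    done
    return $status
}

# Constructed sample (not a real server's file): two changes were missed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#chroot_local_user=YES
connect_from_port_20=YES
local_umask=022
anonymous_enable=NO
EOF
audit_vsftpd_conf "$sample" || echo "vsftpd.conf does not match the table"
rm -f "$sample"
```

To audit the real file, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf. A commented-out option is reported as "(unset)", which catches edits that were left behind a "#".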
Add New FTP User
Let’s add a new user called ‘ftpuser’ and set ‘/var/www/path/to/your/dir’ as his home directory:
useradd -d '/var/www/path/to/your/dir' -s /sbin/nologin ftpuser
Setup a password for the new user:
passwd ftpuser
Create the home directory for the new user, if you haven’t done it before:
mkdir -p /var/www/path/to/your/dir
To enable the ‘ftpuser’ to read and write the data in his home directory, change the permissions and the ownership:
chown -R ftpuser '/var/www/path/to/your/dir'
chmod 775 '/var/www/path/to/your/dir'
Add the group ‘ftpusers’ for FTP users and add ‘ftpuser’ to it:
groupadd ftpusers
usermod -G ftpusers ftpuser
Configure the Firewall for VSftpd
If you use iptables, add a rule for FTP to its configuration file:
vi /etc/sysconfig/iptables
Add the following line before the REJECT line to open port 21:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Save and close the file. Restart the firewall.
service iptables restart
Set the VSftpd service to Start At Boot
chkconfig --levels 235 vsftpd on
Start the VSftpd FTP service.
service vsftpd start
Test the VSftpd Server
Test the FTP Server locally.
ftp localhost
Output:
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
***
Test it remotely.
ftp your.ftp.server.com
Output:
Connected to your.ftp.server.com.
220 (vsFTPd 2.2.2)
Name (your.ftp.server.com:yourname): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
***