Installing VSftpd FTP Server on CentOS/RHEL

VSftpd is an FTP server for Linux.

According to its authors, it is very secure, stable and fast.

In this article, I’ll show how to install and configure the VSftpd FTP Server on CentOS / RHEL and how to add a new FTP user.

The FTP protocol is insecure. If possible, use SFTP (Secure FTP), which is built into the OpenSSH SSHD server.

Install the VSftpd Server

Type the following command to install the VSftpd FTP Server:

yum install vsftpd

Back up the default configuration file ‘vsftpd.conf’:

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.back

We also need to install the FTP client, so that we can connect to an FTP server:

yum install ftp

Configure the VSftpd Server

Once the VSftpd Server is installed, you can adjust the basic configuration.

Anonymous FTP is allowed by default. Set anonymous_enable=NO to secure your server.

Open the configuration file:

vi /etc/vsftpd/vsftpd.conf

Make the following changes:

Option                     Description
anonymous_enable=NO        Disable anonymous login
local_enable=YES           Enable local users
write_enable=YES           Give FTP users permission to write data
connect_from_port_20=NO    Port 20 needs to be turned off. This lets VSftpd run with less privilege
chroot_local_user=YES      Chroot everyone
local_umask=022            Set umask to 022 so that the files (644) and folders (755) you upload get the proper permissions

Check the vsftpd.conf man page for all configuration options:

man vsftpd.conf
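
To confirm the edits took effect, the following script compares a vsftpd.conf against the six values in the table above. It is an added example, not part of the original article; the function names are made up for it, and it assumes one option=value per line with a repeated option taking its last value.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values from the table above.
# Assumptions: one option=value per line, '#' starts a comment line, and when
# an option is repeated the last occurrence is the one that is compared.

EXPECTED='anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
local_umask=022'

# Print the value of option $2 in file $1 (prints an empty line if not set).
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { sub(/^[^=]*=/, ""); sub(/[ \t\r]+$/, ""); val = $0 }
        END        { print val }
    ' "$1"
}

# Print one line per deviation. Returns 0 if the file matches the table,
# 1 if any option differs or is not set, 2 if the file cannot be read.
audit_vsftpd_conf() {
    conf=$1
    status=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(conf_value "$conf" "$key")
        if [ "$have" != "$want" ]; then
            echo "$key: expected $want, found ${have:-unset}"
            status=1
        fi
    done
    return $status
}

# When a path is given on the command line, audit that file.
if [ $# -gt 0 ]; then
    audit_vsftpd_conf "$1"
fi
```

Save it under any name and run it as root with /etc/vsftpd/vsftpd.conf as the argument; no output and exit status 0 mean every option matches the table.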

Add New FTP User

Let’s add the new user called ‘ftpuser’ and set ‘/var/www/path/to/your/dir’ as his home directory:

useradd -d '/var/www/path/to/your/dir' -s /sbin/nologin ftpuser

Set up a password for the new user:

passwd ftpuser

Create the home directory for the new user, if you haven’t done it before:

mkdir -p /var/www/path/to/your/dir

To enable the ‘ftpuser’ to read and write the data in his home directory, change the permissions and the ownership:

chown -R ftpuser '/var/www/path/to/your/dir'
chmod 775 '/var/www/path/to/your/dir'

Add the group ‘ftpusers’ for FTP users and add the ‘ftpuser’ to it:

groupadd ftpusers
usermod -a -G ftpusers ftpuser

Configure the Firewall for VSftpd

Add a rule to iptables, if you use it:

vi /etc/sysconfig/iptables

Append the following line, before the REJECT line, to open the port 21:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

Save and close the file. Restart the firewall.

service iptables restart

Set the VSftpd service to Start At Boot

chkconfig --levels 235 vsftpd on

Start the VSftpd FTP service.

service vsftpd start

Test the VSftpd Server

Test the FTP Server locally.

ftp localhost

Output:

Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
***

Test it remotely.

ftp your.ftp.server.com

Output:

Connected to your.ftp.server.com.
220 (vsFTPd 2.2.2)
Name (your.ftp.server.com:yourname): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
***