HOW TO CONFIGURE LINUX FTP SERVER (VSFTPD SERVER) IN REDHAT/CENTOS/FEDORA
Introduction
In this article we are going to learn how to configure the Vsftpd Linux FTP Server. Vsftpd stands for Very Secure File Transfer Protocol and is an FTP server used to transfer data over the network securely. The port number of the Vsftpd server is 21. The Vsftpd Linux FTP Server is available for all Linux distros such as Redhat, Debian, Ubuntu, etc.
Follow the steps below to configure the Vsftpd Linux FTP Server in Linux.
Step : 1 Install Package for Linux FTP Server (Vsftpd Server)
Before we start the configuration of the Vsftpd Linux FTP Server we have to install the required package. To do so, use the command below.
[root@localhost ~]# yum -y install vsftpd # Install Vsftpd Linux FTP Server Package
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos.excellmedia.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-24.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================
Installing:
vsftpd x86_64 2.2.2-24.el6 base 156 k
Transaction Summary
===================================================================================================================================
Install 1 Package(s)
Total download size: 156 k
Installed size: 340 k
Downloading Packages:
vsftpd-2.2.2-24.el6.x86_64.rpm | 156 kB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-24.el6.x86_64 1/1
Verifying : vsftpd-2.2.2-24.el6.x86_64 1/1
Installed:
vsftpd.x86_64 0:2.2.2-24.el6
Complete!
To confirm the package installation we can use the rpm -qa command, as shown below.
[root@localhost ~]# rpm -qa | grep vsftpd # Confirm the Package Installation
vsftpd-2.2.2-24.el6.x86_64
After installing the vsftpd package we should check the locations of the files that belong to the Vsftpd Linux FTP Server, such as the main configuration file (vsftpd.conf), the files used to restrict users, and more.
[root@localhost ~]# rpm -ql vsftpd # Query the Files & Directory location of Installed Package
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/rc.d/init.d/vsftpd # Used to Start/Stop/Restart vsftpd service
/etc/vsftpd
/etc/vsftpd/ftpusers # Used to Restrict User from Login Vsftpd Server
/etc/vsftpd/user_list # Allow/DisAllow Users from Login Vsftpd Server
/etc/vsftpd/vsftpd.conf # Main Configuration File of Linux FTP Server
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd # Binary File
/var/ftp
/var/ftp/pub # Default Document Directory
Step : 2 Start the Vsftpd Service
Start the Vsftpd Linux FTP Server service using below command.
[root@localhost ~]# /etc/init.d/vsftpd start # Start the Vsftpd Service
Starting vsftpd for vsftpd: [ OK ]
We have to enable the Vsftpd service at system startup; otherwise we have to start the service manually again every time the system is restarted. We can enable the service at startup using the chkconfig command, as shown below.
[root@localhost ~]# chkconfig --level 35 vsftpd on # Start the Vsftpd service at startup
[root@localhost ~]# chkconfig --list vsftpd # Confirm the Startup Setting
vsftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Step : 3 Configure Vsftpd Linux FTP Server
Note : Restart the Vsftpd service after every change, using the command below, for the change to take effect.
[root@localhost ~]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Now let’s understand some very important syntax of the Vsftpd Linux FTP Server. One of the most important and useful directives is anonymous_enable.
We have two anonymous users in Linux, i.e. ftp and anonymous. If you want to allow logins to the vsftpd server using the anonymous users, edit the /etc/vsftpd/vsftpd.conf file, search for anonymous_enable and set it to anonymous_enable=YES. Refer to the sample output below.
Note : The password for the anonymous users, i.e. ftp and anonymous, is BLANK. BLANK in the sense that there is no password for either user, so just press Enter when asked for the password.
[root@localhost ~]# nano /etc/vsftpd/vsftpd.conf # Edit the Vsftpd Linux FTP Server Main Configuration File
# Allowing to Login Vsftpd Server using Anonymous Users
# (comments in vsftpd.conf must be on their own line, not after a setting)
anonymous_enable=YES
Restart the Vsftpd service using the command below for the changes to take effect.
[root@localhost ~]# /etc/init.d/vsftpd restart # Restart the Vsftpd Service
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
Now let’s try to log in using the anonymous users, i.e. ftp and anonymous. Refer to the sample output below.
[root@localhost ~]# ftp localhost # Logging in using "ftp" User
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@localhost ~]# ftp localhost # Logging in using anonymous User
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
Now, if you want to disable anonymous logins, use anonymous_enable=NO. Along with that you have to enable another directive, i.e. local_enable=YES, so that local users are able to log in to the Vsftpd Linux FTP Server. Refer to the sample output below.
[root@localhost ~]# nano /etc/vsftpd/vsftpd.conf
# Disable Login Anonymous Users
anonymous_enable=NO
# Allow Login Local Users
local_enable=YES
Restart the Vsftpd Service after saving changes.
Here I have a user named helpdesk. So let’s try to log in to the Vsftpd Linux FTP Server using helpdesk.
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
If you set local_enable=NO together with anonymous_enable=NO then you will get the error message below.
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
500 OOPS: vsftpd: both local and anonymous access disabled!
To control which users can log in to the Vsftpd Linux FTP Server we have two useful files, i.e. /etc/vsftpd/user_list and /etc/vsftpd/ftpusers. So let’s understand the uses of both files.
- /etc/vsftpd/ftpusers : The users added to this file will not be allowed to log in via FTP. For example, I have added one of my users, i.e. helpdesk. Now let’s try to log in via FTP using helpdesk.
[root@localhost ~]# nano /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
helpdesk
As you can see below, I am unable to log in via FTP using the user helpdesk. So you can use this file to restrict users from accessing the Vsftpd server.
Sample Output :
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
Now let’s move on to our next file, i.e. /etc/vsftpd/user_list. You can use this file either to allow or to disallow users from logging in via the FTP server. If you set userlist_deny=NO in the /etc/vsftpd/vsftpd.conf file then the users listed in this file are allowed to log in via the FTP server, and if you set userlist_deny=YES in the /etc/vsftpd/vsftpd.conf file then the users listed in this file are not allowed to log in via the FTP server. I have tried both scenarios using the user helpdesk. Refer to the sample output below.
[root@localhost ~]# nano /etc/vsftpd/user_list # Add the User by edit the File
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
helpdesk
First I tried using userlist_deny=YES and got the below output.
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
530 Permission denied.
Login failed.
Then when I tried userlist_deny=NO I was able to log in successfully via the Vsftpd Linux FTP Server.
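The interplay of user_list, userlist_deny and ftpusers described above, as an added example that is not from the original article: a shell function that predicts the outcome for a local user name from a copy of the three files. It assumes vsftpd's built-in defaults when a key is absent and the userlist_enable option, which the article does not mention and which must be YES for userlist_deny to apply; the sample files and the outcome labels are constructed.

```shell
# Added example; userlist_enable and the built-in defaults come from vsftpd,
# the outcome labels and the sample files below are constructed.

# Last value of KEY in vsftpd.conf (KEY=VALUE, no spaces), or DEFAULT.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# True if USER appears as a whole non-comment line in FILE.
in_list() {  # in_list FILE USER
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -qxF -- "$2"
}

# Outcome decided by configuration alone (the password check is not modelled).
ftp_login_decision() {  # ftp_login_decision DIR USER
    conf="$1/vsftpd.conf"
    anon=$(conf_get "$conf" anonymous_enable YES)
    loc=$(conf_get "$conf" local_enable NO)
    ul_on=$(conf_get "$conf" userlist_enable NO)
    ul_deny=$(conf_get "$conf" userlist_deny YES)

    if [ "$anon" = NO ] && [ "$loc" = NO ]; then
        echo "refuse:no-login-method"; return    # the "500 OOPS" case
    fi
    if [ "$loc" = NO ]; then echo "deny:local-disabled"; return; fi
    if [ "$ul_on" = YES ]; then
        if [ "$ul_deny" = YES ] && in_list "$1/user_list" "$2"; then
            echo "deny:user_list"; return        # 530 Permission denied
        fi
        if [ "$ul_deny" = NO ] && ! in_list "$1/user_list" "$2"; then
            echo "deny:user_list"; return        # not on the allow list
        fi
    fi
    if in_list "$1/ftpusers" "$2"; then
        echo "deny:ftpusers"; return             # 530 Login incorrect (PAM)
    fi
    echo "allow:password-check"
}

# Constructed sample tree standing in for /etc/vsftpd.
d=$(mktemp -d)
printf 'anonymous_enable=NO\nlocal_enable=YES\nuserlist_enable=YES\nuserlist_deny=NO\n' > "$d/vsftpd.conf"
printf '# allowed users\nhelpdesk\nroot\n' > "$d/user_list"
printf 'root\nbin\n' > "$d/ftpusers"
for u in helpdesk root alice; do
    printf '%-9s %s\n' "$u" "$(ftp_login_decision "$d" "$u")"
done
```

With userlist_deny=NO, root is on the allow list in this sample but is still refused, because the ftpusers check applies independently of user_list.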
Some Important & Useful Global Syntax of Vsftpd Server for Basic Configuration :
- anonymous_enable : To Enable/Disable Anonymous Login Via FTP.
- local_enable : To Enable/Disable login local Users via FTP.
- write_enable : Used to allow users to write on the Vsftpd Linux FTP Server.
- anon_mkdir_write_enable : Allow anonymous users to create directories on the FTP server.
- anon_upload_enable : Allow anonymous users to upload data to the FTP server.
- idle_session_timeout : Sets the session timeout in seconds.
For more Vsftpd syntax and directives you can refer to this link.
Now let’s perform a task and configure the Vsftpd Linux FTP Server to make the concept clearer.
The task is to configure the Vsftpd Linux FTP Server (basic configuration) with the settings below :
- Disable Anonymous Login
- Session Timeout in 600 Seconds
- Allow Local Users Login
- All users should be able to write in FTP Server
For the above task, edit the /etc/vsftpd/vsftpd.conf file, search for the directives below and set them as shown.
anonymous_enable=NO
local_enable=YES
write_enable=YES
idle_session_timeout=600
Troubleshooting :
You may get an error like 500 OOPS: cannot change directory while connecting to the FTP server.
[root@localhost ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/helpdesk
Login failed.
Solution : Disable SELinux using the steps below.
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# nano /etc/sysconfig/selinux
SELINUX=disabled
The Vsftpd Linux FTP Server comes with a huge range of features and it’s not possible to cover all of those settings in one article. I will write another article on the advanced features of the Vsftpd server. Until then, keep following the articles on elinuxbook.com.