How to set up an FTP Server on CentOS 8 using VSFTPD

What is FTP?

FTP (File Transfer Protocol) is a client-server network protocol that allows users to exchange files to and from remote computers.

FTP transfers both file data and login credentials in plain text. There are several different open-source FTP servers available for the Linux operating system platform. The most commonly used FTP servers are VSFTPD, ProFTPD and PureFTPD. The FTP protocol uses port number 21 for the control connection and port 20 for data transfer. In passive mode, additional ports are used.

In this tutorial, we will learn how to set up and configure VSFTPD. It is very secure and stable and available in the CentOS 8 package repository.

Install VSFTP FTP-Server

To install the VSFTPD package on CentOS 8, open a terminal or connect to your server by SSH as the root user and type in the following command:

# dnf install -y vsftpd

Once the package is installed, start and enable the VSFTPD service by using the following command:

# systemctl enable vsftpd
# systemctl start vsftpd

Make a backup copy of the original configuration file /etc/vsftpd/vsftpd.conf by typing the following command:

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bk

Now edit the configuration file, by using the following command:

# vim /etc/vsftpd/vsftpd.conf

Find and set the following directives. vsftpd does not accept a comment on the same line as a directive, or spaces around "=", so each comment sits on its own line:

# disable anonymous (unknown) users
anonymous_enable=NO
# allow local users
local_enable=YES
# allow FTP write commands
write_enable=YES
# set default umask
local_umask=022
# enable messages on change of directory
dirmessage_enable=YES
# enable logging of uploads and downloads
xferlog_enable=YES
# ensure PORT transfer connections originate from port 20
connect_from_port_20=YES
# keep standard log format
xferlog_std_format=YES
# do not listen on an IPv4-only socket
listen=NO
# listen on an IPv6 socket, which also accepts IPv4 clients
listen_ipv6=YES
# set PAM service name to vsftpd
pam_service_name=vsftpd

Configure user list in FTP Server

By default, all the users that are in the user_list file located at /etc/vsftpd/user_list are allowed to use FTP services.

To restrict users in a chrooted environment, use the following directives:

# create a chrooted environment for local users
chroot_local_user=YES
# allow write permission for a user on the chroot jail directory
allow_writeable_chroot=YES

To keep users restricted to their home directory, use the following directives:

# enable vsftpd to load usernames from the user list
userlist_enable=YES
# allow access to users in the user list
userlist_deny=NO

If you want to give certain users overall access to the system, add these directives to your configuration file:

chroot_list_enable=YES
# users listed in this file have overall access
chroot_list_file=/etc/vsftpd/chroot_list

Save and close the configuration file.
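
The check below is an added example, not part of the original tutorial: it lints a vsftpd.conf before the service is restarted and reports what the chroot and user-list directives above do in combination. The function name audit_vsftpd_conf and the sample file are constructed, and the defaults used for unset options are assumed to be those documented in vsftpd.conf(5).

```shell
#!/usr/bin/env bash
# Added example: lint a vsftpd.conf for the directives this tutorial sets.
# audit_vsftpd_conf is a hypothetical helper name, not part of vsftpd.
audit_vsftpd_conf() {
    awk '
    # Boolean lookup; d is the vsftpd default used when the option is unset
    function on(k, d,   v) {
        v = (k in opt) ? toupper(opt[k]) : d
        return (v == "YES" || v == "TRUE" || v == "1")
    }
    /^#/ || /^[ \t]*$/ { next }    # whole-line comment or blank line
    {
        eq = index($0, "="); name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd takes everything after "=" as the value, so a space around
        # "=" or a trailing "# comment" makes the directive invalid
        if (eq == 0 || name ~ /[ \t]/ || val ~ /^[ \t]/ || val ~ /[ \t]#/) {
            printf "ERROR line %d: not a bare option=value\n", NR
            next
        }
        opt[name] = val
    }
    END {
        if (on("anonymous_enable", "YES")) print "WARN anonymous logins are enabled"
        if (!on("ssl_enable", "NO")) print "WARN no TLS: logins and files are sent in plain text"
        if (on("userlist_enable", "NO")) {
            if (on("userlist_deny", "YES")) print "INFO users in user_list are denied login"
            else print "INFO only users in user_list may log in"
        }
        jail = on("chroot_local_user", "NO"); list = on("chroot_list_enable", "NO")
        if (jail && list)   print "WARN users in chroot_list_file are NOT chrooted"
        if (jail && !list)  print "INFO all local users are chrooted"
        if (!jail && list)  print "INFO only users in chroot_list_file are chrooted"
        if (!jail && !list) print "WARN no local user is chrooted"
        if (on("allow_writeable_chroot", "NO")) print "WARN a user-writable chroot root is permitted"
    }' "$1"
}

# Constructed sample: the directives from this tutorial, one per line.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=YES' \
    'chroot_local_user=YES' 'allow_writeable_chroot=YES' \
    'userlist_enable=YES' 'userlist_deny=NO' 'chroot_list_enable=YES' > "$sample"
audit_vsftpd_conf "$sample"
rm -f "$sample"
```

Run it against the real file with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; an ERROR line marks a directive that vsftpd will not read as intended.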

Now, create a chroot_list under /etc/vsftpd/ directory, by using the following command:

# touch /etc/vsftpd/chroot_list

Add only those users in that list to whom you want to provide overall access on the system.

Create a user to access FTP Services

To create a user for using FTP service, use the following command:

# useradd user1
# passwd user1

To restrict the user to their home directory, add that user to the user_list file using the following command:

# vim /etc/vsftpd/user_list

Type "i" for insert and type that user name, as shown in the figure:

Create FTP user

Press ESC and type :wq! to save the file.

If you want to give a specific user overall access to the system, add that user to /etc/vsftpd/chroot_list.

Restart the VSFTPD Service:

# systemctl restart vsftpd

Verify the status of FTP Service using the following command:

# systemctl status vsftpd

Configure Firewall for FTP

To allow FTP service through the firewall, use the following command:

# firewall-cmd --add-service=ftp --permanent
# firewall-cmd --reload

Testing FTP Server from Windows Machine

To connect to the FTP server, you need client software. The most commonly used FTP clients are FileZilla, WinSCP, etc. I am using FileZilla for the connection.

Open your FTP client software and enter the following details to connect:

Host: IP address or hostname

Username: FTP username (In my case it is user1)

Password

Port: 21

Once connected successfully, you can upload and download files as needed.

Conclusion

In this tutorial, we learned how to set up an FTP server on CentOS 8, how to restrict users to their home directory and how to grant them read/write access. We also saw how to give a specific user general access to the system.