Sunday, November 2, 2014

Set Up vsftpd on CentOS 6

vsftpd stands for “Very Secure FTP Daemon.” It is a lightweight FTP server built with security in mind.

Its lightweight nature allows it to scale very efficiently, and many large sites (ftp.redhat.com, ftp.debian.org, ftp.freebsd.org) currently utilize vsftpd as their FTP server of choice.

Install
You can quickly install vsftpd on your virtual private server from the command line:

su

yum install vsftpd


We also need to install the FTP client, so that we can connect to an FTP server:

yum install ftp


Open up the configuration file:

vi /etc/vsftpd/vsftpd.conf

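The primary changes are to set the following options, which disable anonymous logins, allow local system users to log in, and confine each local user to their home directory: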

anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Add the following lines to the bottom of the file, replacing 'SERVERIP' with the IP address of your server.

pasv_min_port=5000
pasv_max_port=5500
pasv_address=SERVERIP
pasv_promiscuous=NO
pasv_enable=YES




Configuring IPTables

We need to open the FTP control port and the passive port range in the firewall (iptables). This can be done by adding the following lines to the iptables file, above any REJECT rule. The second rule uses 5000:5500 so that it covers every port between pasv_min_port and pasv_max_port, not only the two end ports.

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5000:5500 -j ACCEPT



vi /etc/sysconfig/iptables-config

Add the following line so that the FTP connection-tracking module is loaded:

IPTABLES_MODULES="ip_conntrack_ftp"
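
A consistency check between vsftpd.conf and the iptables rules file, as an added example that is not part of the original post: it verifies the options set above and that the firewall accepts port 21 and the whole pasv_min_port to pasv_max_port range. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit vsftpd.conf against the firewall rules file.

# conf_get FILE KEY: print KEY's value (assumption: the last assignment wins).
conf_get() { awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"; }

# covered RULES LO HI: succeed if one tcp ACCEPT rule on INPUT spans LO..HI.
covered() {
    awk -v lo="$2" -v hi="$3" '
        /^-A INPUT/ && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                a = r[1] + 0; b = (n == 2 ? r[2] : r[1]) + 0
                if (a <= lo + 0 && hi + 0 <= b) ok = 1
            }
        }
        END { exit ok ? 0 : 1 }' "$1"
}

# audit CONF RULES: print each finding; return status is the number of findings.
audit() {
    local conf="$1" rules="$2" bad=0 kv key got lo hi
    for kv in anonymous_enable=NO local_enable=YES chroot_local_user=YES; do
        key=${kv%%=*}; got=$(conf_get "$conf" "$key")
        [ "$got" = "${kv#*=}" ] || { echo "FAIL $key=${got:-unset}"; bad=$((bad + 1)); }
    done
    [ "$(conf_get "$conf" pasv_promiscuous)" != YES ] ||
        { echo "FAIL pasv_promiscuous=YES"; bad=$((bad + 1)); }
    lo=$(conf_get "$conf" pasv_min_port); hi=$(conf_get "$conf" pasv_max_port)
    covered "$rules" 21 21 || { echo "FAIL tcp/21 not accepted"; bad=$((bad + 1)); }
    covered "$rules" "$lo" "$hi" ||
        { echo "FAIL passive range $lo-$hi not fully accepted"; bad=$((bad + 1)); }
    return "$bad"
}

# make_samples DIR: write constructed sample files so the audit runs offline.
make_samples() {
    local r='-A INPUT -m state --state NEW -m tcp -p tcp --dport'
    printf '%s\n' '#anonymous_enable=YES' anonymous_enable=NO local_enable=YES \
        chroot_local_user=YES pasv_min_port=5000 pasv_max_port=5500 > "$1/vsftpd.conf"
    printf '%s %s -j ACCEPT\n' "$r" 21 "$r" 5000 "$r" 5500 > "$1/single"
    printf '%s %s -j ACCEPT\n' "$r" 21 "$r" 5000:5500 > "$1/range"
}
```

On the server, run `audit /etc/vsftpd/vsftpd.conf /etc/sysconfig/iptables`; a non-zero status is the number of findings. The check only inspects explicit --dport rules, so data connections admitted through connection tracking are not counted.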



Add New FTP User

Let's add a new user called 'ftpuser' and set '/var/www/path/to/your/dir' as its home directory. The /sbin/nologin shell keeps the account from being used for interactive shell logins:

useradd -d '/var/www/path/to/your/dir' -s /sbin/nologin ftpuser

Set up a password for the new user:

passwd ftpuser


Create the home directory for the new user, if you haven't done so already:

mkdir -p /var/www/path/to/your/dir


To enable 'ftpuser' to read and write data in its home directory, change the ownership and the permissions:

chown -R ftpuser '/var/www/path/to/your/dir'

chmod 775 '/var/www/path/to/your/dir'


Add the group 'ftpusers' for FTP users and add 'ftpuser' to it:

groupadd ftpusers

usermod -G ftpusers ftpuser


Done! Restart the service and enable it at boot:


service vsftpd restart


chkconfig vsftpd on


To use the FTP client:

ftp example.com

username :
password :