Install vsftpd for CentOS

Install and run vsftpd

Use the group installation that is available in the YUM package manager.

  1. Run the following command to install everything you need :
    # sudo yum install vsftpd
  2. To start vsftpd, run the following command :
    # sudo service vsftpd start

    Now that you have a working installation of vsftpd already on the server. Now you can make a few of configuration changes for security and convenience.

    Set the vsftp service to start on reboot

    You can use the chkconfig tool to view which services start automatically when the server starts, and on which run level they start. To get vsftpd to start on the most common run levels (3,4,5), run the following command :

    # sudo chkconfig vsftpd on

    Verify the “on” status by checking the chkconfig output for vsftpd :

# chkconfig --list vsftpd

The standard vsftpd configuration file and all subsequent files for CentOS reside in the /etc/vsftpd/directory. The most important file in this directory is vsftpd.conf. You need to make two changes to this file for security and convenience. These are the changes described in the next two sections.

To get started, open the /etc/vsftpd/vsftpd.conf file in your favorite text editor.

Disable anonymous users

We recommend disabling anonymous FTP, unless you have a specific requirement to use it.

Change the value for anonymous_enable to No, as follows :

# Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO

Restrict user access

Now configure vsftpd to be able to chroot (commonly referred to as jailing) users to their home directories for security and privacy.

  1. Change the value of chroot_list_enable to No, as follows :

    # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_list_enable=NO # (default follows) chroot_list_file=/etc/vsftpd/chroot_list

  2. Ensure that users are jailed in their home directory by adding the following entry to the bottom of the file :

    chroot_local_user=YES

  3. Save the /etc/vsftpd/vsftpd.conf file.
  4. So that you do not get an error when restarting, create the chroot_list file, as follows :

    sudo touch /etc/vsftpd/chroot_list

Configure the firewall

  1. Open ports in your firewall by running the following command :
    # sudo iptables -I INPUT 4 -m tcp -p tcp -m conntrack --ctstate NEW --dport 21 -j ACCEPT
  2. Save your configuration :
    # sudo service iptables save
  3. Open the /etc/sysconfig/iptables-config file in your favorite editor.
  4. Verify that the IPTABLES_MODULES variable is specified as ip_conntrack_ftp (CentOS 5) or nf_conntrack_ftp (CentOS 6), as shown in the following examples :> Centos 5 (ip_conntrack_ftp):
    IPTABLES_MODULES="ip_conntrack_ftp"
    

    >Centos 6 (nf_conntrack_ftp):

    IPTABLES_MODULES=”nf_conntrack_ftp”
  5. Save the iptables-config file and restart iptables:
    # sudo service iptables restart

    Access your server through FTP

    Use one of the following methods to access the server.

    Using a browser

    Enter the name of your FTP site into a browser address bar, as shown in the following screenshot and supply the login credentials when prompted.

    Open FTP via browser

    Using an FTP client

    Use one of the many low-cost or free FTP applications, such as CyberDuck and Fireuploader, that are available for download.

    Using the command line

    Use the following syntax to open an FTP session from the command line:

    ftp example.com
    

    To close the FTP session, type exit in the session window.

 

 

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *