Tuesday, December 4, 2012

HOW TO INSTALL & CONFIGURE VSFTPD ON RHEL/CENTOS/UBUNTU/FEDORA


How to install and configure the vsftpd FTP server on RHEL 6 / CentOS 6.2 / Ubuntu 11.10 / Fedora / Debian. vsftpd (Very Secure FTP Daemon) is an FTP server for Linux distributions. It is the default FTP server in the Fedora, RHEL, CentOS, Ubuntu and NimbleX Linux distributions. It is not just secure, as the name suggests, but also delivers excellent performance while consuming less memory.
In this tutorial, I will show how to install and configure the vsftpd service, add FTP users, and lock each user to an individual directory on Red Hat Enterprise Linux 6 (RHEL 6), Ubuntu, CentOS and Fedora.

Default ftp port : 21
Default configuration file : /etc/vsftpd.conf

Basic Vsftpd commands on RHEL/CentOS/Fedora

1. Install the Vsftpd service.
[root@rhel6 ~]# yum install vsftpd
2. Start Vsftpd Service :
[root@rhel6 ~]# service vsftpd start
3. Stop Vsftpd Service :
[root@rhel6 ~]# service vsftpd stop
4. Restart Vsftpd Service :
[root@rhel6 ~]# service vsftpd restart
5. Make Vsftpd Service auto start on boot up :
[root@rhel6 ~]# chkconfig vsftpd on
6. Edit vsftpd.conf :
[root@rhel6 ~]# vi /etc/vsftpd/vsftpd.conf

Basic Vsftpd Commands on Ubuntu/ Debian

1. Install the Vsftpd service on Ubuntu.
[root@ubuntu ~]# sudo apt-get install vsftpd
2. Start Vsftpd Service :
[root@ubuntu ~]# sudo /etc/init.d/vsftpd start
3. Stop Vsftpd Service :
[root@ubuntu ~]# sudo /etc/init.d/vsftpd stop
4. Restart Vsftpd Service :
[root@ubuntu ~]# sudo /etc/init.d/vsftpd restart
5. Edit vsftpd.conf :
[root@ubuntu ~]# vi /etc/vsftpd.conf

Configure Vsftpd

Make the following changes to vsftpd.conf on RHEL/CentOS/Fedora/Debian:

We don’t want anonymous login:
anonymous_enable=NO
Enable local users:
local_enable=YES
The ftpuser should be able to write data:
write_enable=YES
Port 20 needs to be turned off, which makes vsftpd run less privileged:
connect_from_port_20=NO
Chroot everyone:

Set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.
local_umask=022
The basic configuration is complete.

Now let us begin with locking / securing a directory to a user.

sudo useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser
Setup a password for the user:
sudo passwd ftpuser
To let the ftpuser read and write data in its home dir, change the permissions and take ownership:
sudo chown -R ftpuser /var/www/path/to/your/dir
sudo chmod 775 /var/www/path/to/your/dir
Create userlist file and add the user:
Ubuntu / Debian:
vi /etc/vsftpd.userlist
CentOS / Fedora / RHEL
vi /etc/vsftpd/vsftpd.userlist
Add the user:
ftpuser
Save the file and open the vsftpd.conf file again:
vi /etc/vsftpd.conf
Add the following lines at the end of the file and save it:
# the list of users to give access
userlist_file=/etc/vsftpd.userlist
# this list is on
userlist_enable=YES
# It is not a list of users to deny ftp access
userlist_deny=NO
After completing all these steps the server is almost ready to use. Give it a try, but you will get a 500 OOPS permission denied error.
To fix it you need to add nologin to the list of shells.
vi /etc/shells
The file should look like this:
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
Add this line at the end:
/usr/sbin/nologin
Now create a usergroup and add the ftpuser to it:
sudo addgroup ftpusers
sudo usermod -Gftpusers ftpuser
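
To check the finished configuration against the directives set in this tutorial, the shell functions below read a vsftpd.conf, report every directive that differs, and confirm that the FTP account is in the user list. This is an added example, not part of the original post; the function names, temporary paths and sample config are constructed for illustration.

```sh
# Added example (not from the original post); function names are hypothetical.

# Effective value of KEY ($1) in FILE ($2): the last uncommented KEY=value
# line, since a repeated key is overridden by its later assignment.
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Usage: audit_vsftpd CONF USER
# Prints one FAIL line per deviation; exit status is the number of FAILs.
audit_vsftpd() {
    conf=$1 user=$2 fails=0
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                connect_from_port_20=NO local_umask=022 \
                userlist_enable=YES userlist_deny=NO; do
        key=${want%%=*} val=${want#*=}
        got=$(conf_get "$key" "$conf")
        if [ "$got" != "$val" ]; then
            echo "FAIL $key: want $val, got ${got:-unset}"
            fails=$((fails + 1))
        fi
    done
    # With userlist_deny=NO only accounts named in userlist_file may log
    # in, so the file must exist and carry the user on a line of its own.
    list=$(conf_get userlist_file "$conf")
    if [ -z "$list" ] || ! grep -qxF -- "$user" "$list" 2>/dev/null; then
        echo "FAIL userlist_file: $user not listed in ${list:-unset}"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the user list is enabled but userlist_deny=NO was
# forgotten, so vsftpd's default (YES) would make it a deny list.
demo() {
    d=$(mktemp -d) rc=0
    echo ftpuser > "$d/vsftpd.userlist"
    cat > "$d/vsftpd.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=NO
local_umask=022
userlist_file=$d/vsftpd.userlist
userlist_enable=YES
EOF
    audit_vsftpd "$d/vsftpd.conf" ftpuser || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "audit reported $? finding(s)"
```

On a real host, call audit_vsftpd with /etc/vsftpd/vsftpd.conf (RHEL/CentOS/Fedora) or /etc/vsftpd.conf (Ubuntu/Debian) and the FTP account name.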
