vsftpd FTP server

Getting Started

Log in over SSH as the root user, or as a member of the root group. Verify the current user to make sure you have the right credentials.

To obtain further information on adding and removing users, type the following commands:
man useradd
man usermod
man userdel
These commands will bring up the Linux user help files.

Processes

A. Installation

1. Issue the following command:
[root@localhost ~]# yum install vsftpd

Follow the yum dialog. When it is finished you will have successfully installed vsftpd.

B. Configuration

2. The next step after installation is to create the home directory that your ftp users will log into. While you are still logged in as root issue the command to create a directory:
[root@localhost ~]# mkdir /home/ftp

3. We will use the /home/ftp directory for simplicity purposes, although you could call it anything you want. Our next step is to create a user group that our ftp users will belong to. This is accomplished by issuing the following commands, still as root:
[root@localhost ~]# /usr/sbin/groupadd ftp-users

4. Once again, we will use ftp-users as the group name for the sake of simplicity. Now we will need to make the directory we created earlier accessible to our ftp-users group. Still as root, issue the following two commands:
[root@localhost ~]# chmod 750 /home/ftp
[root@localhost ~]# chown root:ftp-users /home/ftp

5. Unfortunately, the explanation of the previous commands is outside the scope of this How-To. We now need to add a user and create a user password. Make absolutely sure your password is strong and secure. Once again, still as root, issue the following two commands:
[root@localhost ~]# /usr/sbin/useradd -g ftp-users -d /home/ftp username
[root@localhost ~]# passwd username

6. In the previous commands you would actually substitute "username" with the actual username you want to add. The next step is to give our newly created user read and write access into their home directory. We will use the chmod command for this as well. As root issue the following command:
[root@localhost ~]# chmod 770 /home/ftp

7. The next steps are critical. We will be editing the configuration file for vsftpd. Most of what we will be editing ensures that users will be "chained" to their home directory. Being chained to the home directory prevents users from browsing through the rest of your system. By default the vsftpd installation places the configuration file, which is named vsftpd.conf, in the /etc/vsftpd directory. First we need to make a backup copy of the original vsftpd.conf. Issue the following command as root to successfully create a backup copy:
[root@localhost ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_backup

8. Next, also as root, we need to open the vsftpd configuration file in a text editor. Once vsftpd.conf is open, the first line we need to edit looks like this:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# anonymous_enable=YES

9. We need to edit this line so it reads as follows:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

10. Remove the # character from the beginning of the second line and change YES to NO. Doing this will remove the ability of anonymous users to log in to the FTP server. We don't want to allow anonymous users because we are giving our users the ability to write as well as read. Farther down the file look for a line that reads as follows:
# Disable chmod, default is YES
# chmod_enable=YES

11. We now need to edit this line so it reads as follows:
# Disable chmod, default is YES
chmod_enable=NO

This prevents users from changing the permissions of their home directory we created earlier.

12. The next line we are looking for should read like this:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this becomes a list of
# users not to chroot()
# chroot_list_enable=YES
# (default follows)
# chroot_list_file=/etc/vsftpd.chroot_list

13. Now we'll ensure that users cannot leave their home directory. This is where the term "chroot" comes in. To chroot a user means to chain them to a directory that becomes their root directory, in this case their home directory. We want to enable this because, as stated earlier in the how-to, users would otherwise be able to browse most of our filesystem, which could be problematic. Therefore, we must chroot them by editing the previous lines to read as follows:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this becomes a list of
# users not to chroot()
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list

Remove the # character from the fourth and sixth lines as shown.

14. We now need to create a chroot_list. The chroot_list will contain the names of the users that you want to keep chrooted in their home directory. I would add all users to this list, for security purposes. To create the list open your favorite text editor again. Once the editor is open, create a file that looks like this:

# vsftpd chroot_list
# All users listed here are chrooted
# Created on, Jan. 1, 2005
username1
username2

15. Again, we substitute "username" for the user we created earlier. Also, remember to add each new user we create to this list. Once we are done, save this file as /etc/vsftpd.chroot_list. Now the users are chrooted to their home directory, and we should have a relatively secure ftp server almost ready to be implemented. We can now start the vsftpd service. Issuing the following command as root will start the vsftpd service:
# service vsftpd start

16. Once the service dialog is finished, we are ready to test our server. You can also exit your su - environment now by typing exit at the prompt. After doing so, you should now be at your user prompt. To test the FTP server you can issue the following command:
$ ftp 192.168.10.2

17. Now substitute your own IP address (yours may not be the same as mine). If all goes correctly, you should be prompted for a username and password. After successfully entering the username and password you should be greeted with a prompt that looks like this:

ftp>

18. Congratulations! You have successfully implemented your own FTP server.
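
To check the result of steps 8 through 15, the following script (an added example, not part of the original how-to) reads vsftpd.conf and reports whether anonymous login and chmod are off and whether each named user actually ends up chrooted, including the case of a user who was created but never added to the chroot list. The function names are made up for this example, and the defaults it falls back on are the ones documented in the vsftpd.conf man page.

```sh
#!/bin/sh
# Added example: audit the vsftpd settings made in steps 8-15.
# Function names are hypothetical; defaults come from the vsftpd.conf man page.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_chrooted CONF USER: succeed if USER would be confined to the home directory.
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    listfile=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    # Whole-line match, so the "#" header lines in the list never match a user.
    grep -qxF -- "$2" "$listfile" 2>/dev/null && listed=YES
    case "$all/$use_list/$listed" in
        YES/NO/*)   return 0 ;;  # everyone is chrooted
        YES/YES/NO) return 0 ;;  # list inverted: it names the exceptions
        NO/YES/YES) return 0 ;;  # this how-to's setup: list names the chrooted
        *)          return 1 ;;
    esac
}

# audit CONF USER...: print each problem, return how many were found.
audit() {
    conf=$1; shift; bad=0
    for kv in anonymous_enable:YES:NO chmod_enable:YES:NO; do
        key=${kv%%:*}; rest=${kv#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(conf_get "$conf" "$key" "$def")
        [ "$got" = "$want" ] || { echo "FAIL $key=$got, want $want"; bad=$((bad + 1)); }
    done
    for u in "$@"; do
        is_chrooted "$conf" "$u" || { echo "FAIL $u is not chrooted"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf username1 username2
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

The exit status is the number of problems found, so 0 means the configuration matches what the steps above set up.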
