How to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora
In this article you will learn how to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora. Vsftpd stands for Very Secure File Transfer Protocol is an FTP server that securely transfers data over the network. The port number of the Vsftpd server is 21. The Vsftpd Linux FTP server is available for all Linux distributions such as Redhat, Debian, Ubuntu etc.
How to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora
Follow these steps to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora:
Step: 1 Install the package for Linux FTP Server (Vsftpd Server)
Before we start configuring Vsftpd Linux FTP Server, we need to install the necessary packages. To do this, use the following command.
[[email protected] ~]# yum -y install vsftpd # Install Vsftpd Linux FTP Server Package Loaded plugins: fastestmirror, refresh-packagekit, security Loading mirror speeds from cached hostfile * base: centos-hcm.viettelidc.com.vn * extras: centos-hcm.viettelidc.com.vn * updates: centos.excellmedia.net Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package vsftpd.x86_64 0:2.2.2-24.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================== Installing: vsftpd x86_64 2.2.2-24.el6 base 156 k Transaction Summary =================================================================================================================================== Install 1 Package(s) Total download size: 156 k Installed size: 340 k Downloading Packages: vsftpd-2.2.2-24.el6.x86_64.rpm | 156 kB 00:01 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : vsftpd-2.2.2-24.el6.x86_64 1/1 Verifying : vsftpd-2.2.2-24.el6.x86_64 1/1 Installed: vsftpd.x86_64 0:2.2.2-24.el6 Complete!
We can use to confirm the package installation rpm -qa Command. See the following command.
[[email protected] ~]# rpm -qa | grep vsftpd # Confirm the Package Installation vsftpd-2.2.2-24.el6.x86_64
After installing the vsftpd package, we need to check the required file locations of the Vsftpd Linux FTP server, e.g. B. the location of the main configuration file, e.g. vsftpd.conf, Configuration files for restrictions of vsftpd users and much more.
[[email protected] ~]# rpm -ql vsftpd # Query the Files & Directory location of Installed Package /etc/logrotate.d/vsftpd /etc/pam.d/vsftpd /etc/rc.d/init.d/vsftpd # Used to Start/Stop/Restart vsftpd service /etc/vsftpd /etc/vsftpd/ftpusers # Used to Restrict User from Login Vsftpd Server /etc/vsftpd/user_list # Allow/DisAllow Users from Login Vsftpd Server /etc/vsftpd/vsftpd.conf # Main Configuration File of Linux FTP Server /etc/vsftpd/vsftpd_conf_migrate.sh /usr/sbin/vsftpd # Binary File /var/ftp /var/ftp/pub # Default Document Directory
Step: 2 Start the Vsftpd service
Start the Vsftpd Linux FTP Server service with the following command.
[[email protected] ~]# /etc/init.d/vsftpd start # Start the Vsftpd Service Starting vsftpd for vsftpd: [ OK ]
We need to start the Vsftpd service at system startup, otherwise we have to manually restart the service when the system is restarted. So we can start the service with at the start chkconfig Command. See the following command.
[[email protected] ~]# chkconfig --level 35 vsftpd on # Start the Vsftpd service at startup [[email protected] ~]# chkconfig --list vsftpd # Confirm the Startup Setting vsftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Step: 3 Configure the Vsftpd Linux FTP server
Note: Restart the Vsftpd service after each change so that it takes effect with the following command.
[[email protected] ~]# /etc/init.d/vsftpd restart Shutting down vsftpd: [ OK ] Starting vsftpd for vsftpd: [ OK ]
Now let’s understand some very important syntax of Vsftpd Linux FTP Server. One of the most important and useful syntax is anonymous_enable,
We have two anonymous users in Linux, i.e. FTP and anonymous, If you want to allow the vsftpd server to log in using anonymous users, just edit the /etc/vsftpd/vsftpd.conf File and search for anonymous_enable and set as anonymous_enable = YES, See the following sample output.
Note: The password for anonymous users, i.e. H. FTP and anonymous, is BLANK. BLANK in the sense that there is no password for both users. Just hit enter while asking for the password.
[[email protected] ~]# nano /etc/vsftpd/vsftpd.conf # Edit the Vsftpd Linux FTP Server Main Configuration File anonymous_enable=YES # Allowing to Login Vsftpd Server using Anonymous Users
Restart the Vsftpd service with the following command to apply the changes.
[[email protected] ~]# /etc/init.d/vsftpd restart # Restart the Vsftpd Service Shutting down vsftpd: [ OK ] Starting vsftpd for vsftpd: [ OK ]
Now let’s try to log in with anonymous users, i.e. H. FTP & anonymous, See the following sample output.
[[email protected] ~]# ftp localhost # Logging in using "ftp" User Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): ftp 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> bye 221 Goodbye. [[email protected] ~]# ftp localhost # Logging in using anonymous User Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> bye 221 Goodbye.
If you want to disable the login of anonymous users, just use the syntax anonymous_enable = NO, and you have allowed a different syntax, i.e. local_enable = YES So that local users can log on to the Vsftpd Linux FTP server. Refer to the sample output below.
[[email protected] ~]# nano /etc/vsftpd/vsftpd.conf anonymous_enable=NO # Disable Login Anonymous Users local_enable=YES # Allow Login Local Users
Restart the Vsftpd service after saving the changes.
Here I have a user named counseling Center, So let’s try to log in to the Vsftpd Linux server through the help desk.
[[email protected] ~]# ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): helpdesk 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files.
when you bet local_enable = NO With anonymous_enable = NO then you will get the following error message.
[[email protected] ~]# ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 500 OOPS: vsftpd: both local and anonymous access disabled!
To control the user’s login to Vsftpd Linux FTP Server, we have two useful files, i.e. H. / etc / vsftpd / user_list and / etc / vsftpd / ftpusers, So let’s understand the use of both files.
- / etc / vsftpd / ftpusers : The user added in this file cannot log in via FTP. For example, I added one of my users, i. H. Helpdesk. Now let’s try to log in to the Helpdesk via FTP.
[[email protected] ~]# nano /etc/vsftpd/ftpusers # Users that are not allowed to login via ftp root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody helpdesk
As you can see below, I cannot log in with the user via FTP counseling Center, So you can use this file to deny users access to the Vsftpd server.
Example output:
[[email protected] ~]# ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): helpdesk 331 Please specify the password. Password: 530 Login incorrect. Login failed.
Now let’s move on to our next file, i.e. H. / etc / vsftpd / user_list, You can use this file to allow or prohibit users from logging in via an FTP server. If you use the syntax userlist_deny = NO in the /etc/vsftpd/vsftpd.conf File, then the users you mentioned in this file can log on via FTP server and if you use syntax userlist_deny = YES in the /etc/vsftpd/vsftpd.conf In this case, the users you mentioned in this file must not log on via the FTP server. I tried both scenarios with the user counseling Center, Refer to the sample output below.
[[email protected] ~]# nano /etc/vsftpd/user_list # Add the User by edit the File # vsftpd userlist # If userlist_deny=NO, only allow users in this file # If userlist_deny=YES (default), never allow users in this file, and # do not even prompt for a password. # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers # for users that are denied. root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody helpdesk
I tried it first userlist_deny = YES and got the following issue.
[[email protected] ~]# ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): helpdesk 530 Permission denied. Login failed.
Then when I tried userlist_deny = NO then I can successfully register via Vsftpd Linux FTP Server.
Some important and useful global syntax from Vsftpd Server for basic configuration:
- anonymous_enable : To activate / deactivate anonymous login via FTP.
- local_enable : To activate / deactivate the login of local users via FTP.
- write_enable : Used to allow users to write to a Vsftpd Linux FTP server.
- anon_mkdir_write_enable : Allow anonymous users to create a directory on the FTP server.
- anon_upload_enable : Anonymous users can upload data to the FTP server.
- idle_session_timeout : Set time / session in seconds.
For more vaftpd syntax and directived you can refer this link,
Now perform a task and configure the Vsftpd Linux FTP server to make your concept clearer.
The task is therefore to configure the Vsftpd Linux FTP server (basic configuration) with the following settings:
- Disable anonymous login
- Session timeout in 600 seconds
- Allow local users to log on
- All users should be able to write to the FTP server
For the above task just edit the /etc/vsftpd/vsftpd.conf File and search for the following syntax and make the settings as shown below.
anonymous_enable=NO local_enable=YES write_enable=YES idle_session_timeout=600
Troubleshooter:
If you have a mistake like 500 OOPS: Directory cannot be changed while connecting to the FTP server.
[[email protected] ~]# ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): helpdesk 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/helpdesk Login failed.
Solution: Deactivate SELinux with the following step.
[[email protected] ~]# setenforce 0 [[email protected] ~]# getenforce Permissive [[email protected] ~]# nano /etc/sysconfig/selinux SELINUX=disabled
The Vsftpd Linux FTP server has a variety of functions and it is not possible to summarize all of these settings in one article. I will write another article about the advanced features of Vsftpd Server.
Read also – How to configure the proxy server under Linux with terminal
That’s all. In this article we explained how to configure Linux FTP Server (vsftpd server) In Redhat / Centos / Fedora. I hope you like this article. If you like this article, just share it. If you have any questions about this article, please comment.