How to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora

In this article you will learn how to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora. Vsftpd stands for Very Secure File Transfer Protocol is an FTP server that securely transfers data over the network. The port number of the Vsftpd server is 21. The Vsftpd Linux FTP server is available for all Linux distributions such as Redhat, Debian, Ubuntu etc.

How to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora

Follow these steps to configure the vsftpd Linux FTP server in Redhat / Centos / Fedora:

Step: 1 Install the package for Linux FTP Server (Vsftpd Server)

Before we start configuring Vsftpd Linux FTP Server, we need to install the necessary packages. To do this, use the following command.

[[email protected] ~]# yum -y install vsftpd   # Install Vsftpd Linux FTP Server Package
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos-hcm.viettelidc.com.vn
 * extras: centos-hcm.viettelidc.com.vn
 * updates: centos.excellmedia.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-24.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================
 Package                       Arch                          Version                             Repository                   Size
===================================================================================================================================
Installing:
 vsftpd                        x86_64                        2.2.2-24.el6                        base                        156 k

Transaction Summary
===================================================================================================================================
Install       1 Package(s)

Total download size: 156 k
Installed size: 340 k
Downloading Packages:
vsftpd-2.2.2-24.el6.x86_64.rpm                                                                              | 156 kB     00:01     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : vsftpd-2.2.2-24.el6.x86_64                                                                                      1/1 
  Verifying  : vsftpd-2.2.2-24.el6.x86_64                                                                                      1/1 

Installed:
  vsftpd.x86_64 0:2.2.2-24.el6                                                                                                     

Complete!

We can use to confirm the package installation rpm -qa Command. See the following command.

[[email protected] ~]# rpm -qa | grep vsftpd   # Confirm the Package Installation
vsftpd-2.2.2-24.el6.x86_64

After installing the vsftpd package, we need to check the required file locations of the Vsftpd Linux FTP server, e.g. B. the location of the main configuration file, e.g. vsftpd.conf, Configuration files for restrictions of vsftpd users and much more.

[[email protected] ~]# rpm -ql vsftpd   # Query the Files & Directory location of Installed Package
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/rc.d/init.d/vsftpd   # Used to Start/Stop/Restart vsftpd service
/etc/vsftpd
/etc/vsftpd/ftpusers   # Used to Restrict User from Login Vsftpd Server
/etc/vsftpd/user_list  # Allow/DisAllow Users from Login Vsftpd Server
/etc/vsftpd/vsftpd.conf   # Main Configuration File of Linux FTP Server
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd   # Binary File
/var/ftp
/var/ftp/pub   # Default Document Directory

Step: 2 Start the Vsftpd service

Start the Vsftpd Linux FTP Server service with the following command.

[[email protected] ~]# /etc/init.d/vsftpd start   # Start the Vsftpd Service
Starting vsftpd for vsftpd:                                [  OK  ]

We need to start the Vsftpd service at system startup, otherwise we have to manually restart the service when the system is restarted. So we can start the service with at the start chkconfig Command. See the following command.

[[email protected] ~]# chkconfig --level 35 vsftpd on   # Start the Vsftpd service at startup

[[email protected] ~]# chkconfig --list vsftpd   # Confirm the Startup Setting
vsftpd          0:off   1:off   2:off   3:on      4:off   5:on      6:off

Step: 3 Configure the Vsftpd Linux FTP server

Note: Restart the Vsftpd service after each change so that it takes effect with the following command.

[[email protected] ~]# /etc/init.d/vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

Now let’s understand some very important syntax of Vsftpd Linux FTP Server. One of the most important and useful syntax is anonymous_enable,

We have two anonymous users in Linux, i.e. FTP and anonymous, If you want to allow the vsftpd server to log in using anonymous users, just edit the /etc/vsftpd/vsftpd.conf File and search for anonymous_enable and set as anonymous_enable = YES, See the following sample output.

Note: The password for anonymous users, i.e. H. FTP and anonymous, is BLANK. BLANK in the sense that there is no password for both users. Just hit enter while asking for the password.

[[email protected] ~]# nano /etc/vsftpd/vsftpd.conf   # Edit the Vsftpd Linux FTP Server Main Configuration File

anonymous_enable=YES   # Allowing to Login Vsftpd Server using Anonymous Users

Restart the Vsftpd service with the following command to apply the changes.

[[email protected] ~]# /etc/init.d/vsftpd restart  # Restart the Vsftpd Service
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

Now let’s try to log in with anonymous users, i.e. H. FTP & anonymous, See the following sample output.

[[email protected] ~]# ftp localhost   # Logging in using "ftp" User
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.

[[email protected] ~]# ftp localhost   # Logging in using anonymous User
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.

If you want to disable the login of anonymous users, just use the syntax anonymous_enable = NO, and you have allowed a different syntax, i.e. local_enable = YES So that local users can log on to the Vsftpd Linux FTP server. Refer to the sample output below.

[[email protected] ~]# nano /etc/vsftpd/vsftpd.conf 

anonymous_enable=NO  # Disable Login Anonymous Users
local_enable=YES  # Allow Login Local Users

Restart the Vsftpd service after saving the changes.

Here I have a user named counseling Center, So let’s try to log in to the Vsftpd Linux server through the help desk.

[[email protected] ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

when you bet local_enable = NO With anonymous_enable = NO then you will get the following error message.

[[email protected] ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
500 OOPS: vsftpd: both local and anonymous access disabled!

To control the user’s login to Vsftpd Linux FTP Server, we have two useful files, i.e. H. / etc / vsftpd / user_list and / etc / vsftpd / ftpusers, So let’s understand the use of both files.

  • / etc / vsftpd / ftpusers : The user added in this file cannot log in via FTP. For example, I added one of my users, i. H. Helpdesk. Now let’s try to log in to the Helpdesk via FTP.
[[email protected] ~]# nano /etc/vsftpd/ftpusers  

# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
helpdesk

As you can see below, I cannot log in with the user via FTP counseling Center, So you can use this file to deny users access to the Vsftpd server.

Example output:

[[email protected] ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.

Now let’s move on to our next file, i.e. H. / etc / vsftpd / user_list, You can use this file to allow or prohibit users from logging in via an FTP server. If you use the syntax userlist_deny = NO in the /etc/vsftpd/vsftpd.conf File, then the users you mentioned in this file can log on via FTP server and if you use syntax userlist_deny = YES in the /etc/vsftpd/vsftpd.conf In this case, the users you mentioned in this file must not log on via the FTP server. I tried both scenarios with the user counseling Center, Refer to the sample output below.

[[email protected] ~]# nano /etc/vsftpd/user_list   # Add the User by edit the File
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
helpdesk

I tried it first userlist_deny = YES and got the following issue.

[[email protected] ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
530 Permission denied.
Login failed.

Then when I tried userlist_deny = NO then I can successfully register via Vsftpd Linux FTP Server.

Some important and useful global syntax from Vsftpd Server for basic configuration:

  • anonymous_enable : To activate / deactivate anonymous login via FTP.
  • local_enable : To activate / deactivate the login of local users via FTP.
  • write_enable : Used to allow users to write to a Vsftpd Linux FTP server.
  • anon_mkdir_write_enable : Allow anonymous users to create a directory on the FTP server.
  • anon_upload_enable : Anonymous users can upload data to the FTP server.
  • idle_session_timeout : Set time / session in seconds.

For more vaftpd syntax and directived you can refer this link,

Now perform a task and configure the Vsftpd Linux FTP server to make your concept clearer.

The task is therefore to configure the Vsftpd Linux FTP server (basic configuration) with the following settings:

  1. Disable anonymous login
  2. Session timeout in 600 seconds
  3. Allow local users to log on
  4. All users should be able to write to the FTP server

For the above task just edit the /etc/vsftpd/vsftpd.conf File and search for the following syntax and make the settings as shown below.

anonymous_enable=NO
local_enable=YES
write_enable=YES
idle_session_timeout=600

Troubleshooter:

If you have a mistake like 500 OOPS: Directory cannot be changed while connecting to the FTP server.

[[email protected] ~]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): helpdesk
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/helpdesk
Login failed.

Solution: Deactivate SELinux with the following step.

[[email protected] ~]# setenforce 0
[[email protected] ~]# getenforce 
Permissive
[[email protected] ~]# nano /etc/sysconfig/selinux 
SELINUX=disabled

The Vsftpd Linux FTP server has a variety of functions and it is not possible to summarize all of these settings in one article. I will write another article about the advanced features of Vsftpd Server.

Read also – How to configure the proxy server under Linux with terminal

That’s all. In this article we explained how to configure Linux FTP Server (vsftpd server) In Redhat / Centos / Fedora. I hope you like this article. If you like this article, just share it. If you have any questions about this article, please comment.

Sidebar