How To Install an FTP Server on CentOS 7 With VSFTPD?
If you're looking for a reliable and efficient way to share files between computers on a network, FTP (File Transfer Protocol) is a popular option. In this article, we'll walk you through the steps to install an FTP server on CentOS 7 using VSFTPD (Very Secure FTP Daemon), a lightweight and secure FTP server for Unix-like systems.
Step 1: Update System
Before installing any new packages, it's always a good idea to update your system to ensure that you have the latest security patches and software updates. To do this, run the following command −
sudo yum update
Step 2: Install VSFTPD
To install VSFTPD on CentOS 7, run the following command −
sudo yum install vsftpd
Once the installation is complete, you can start the service and enable it to start automatically at boot time with the following commands −
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
Step 3: Configure VSFTPD
Next, we need to configure VSFTPD to allow FTP connections and specify FTP user accounts.
Open the VSFTPD configuration file with your favorite text editor. We'll use nano in this example −
sudo nano /etc/vsftpd/vsftpd.conf
Make the Following Changes to the Configuration File
Uncomment the following line to allow local users to log in −
local_enable=YES
Uncomment the following line to allow write access to the FTP server −
write_enable=YES
Uncomment the following line to allow anonymous users to upload files. This option applies only to anonymous logins; uploads by local users are already covered by write_enable −
anon_upload_enable=YES
Add the following lines to the end of the file to specify FTP user accounts. With userlist_deny=NO, only the users named in userlist_file are allowed to log in −
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
Save and close the file.
Step 4: Create FTP User Accounts
Now, let's create some FTP user accounts. You can create a new user account with the following command −
sudo useradd -m ftpuser
This command creates a new user account with the username "ftpuser" and creates a home directory for that user.
Set a password for the new user with the following command −
sudo passwd ftpuser
Enter a secure password for the user when prompted.
Add the new user to the VSFTPD user list with the following command −
sudo bash -c 'echo "ftpuser" >> /etc/vsftpd/user_list'
Repeat these steps for each additional FTP user you want to create.
Step 5: Test FTP Server
Finally, let's test the FTP server to make sure everything is working correctly.
Open your FTP client and connect to your server using the server's IP address or hostname and the FTP user account you created earlier.
If everything is working correctly, you should be able to upload and download files from the server.
While the basic installation and configuration of VSFTPD should be enough to get your FTP server up and running, there are a few additional steps you can take to enhance security and improve performance.
Configure Firewall
By default, CentOS 7 comes with a firewall enabled, which may block incoming FTP connections. You can allow FTP traffic by adding a rule to the firewall using the following commands −
sudo firewall-cmd --add-service=ftp --permanent
sudo firewall-cmd --reload
These commands allow FTP traffic through the firewall permanently and reload the firewall rules.
Enable SSL/TLS Encryption
FTP is an unencrypted protocol, which means that data transferred over the network, including usernames and passwords, can be intercepted and read by attackers. To enhance security, you can enable SSL/TLS encryption for your FTP server. To do this, you'll need to obtain an SSL/TLS certificate and configure VSFTPD to use it.
To obtain a certificate, you can use a free certificate authority like Let's Encrypt. Once you have a certificate, you can configure VSFTPD to use SSL/TLS encryption by adding the following lines to the VSFTPD configuration file −
ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
Make sure to replace "example.com" with your own domain name.
Configure Passive Mode
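By default, FTP uses active mode, which can cause problems if your server is behind a NAT (Network Address Translation) firewall. To avoid these issues, you can configure VSFTPD to use passive mode instead.
To do this, add the following lines to the VSFTPD configuration file −
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_address=<your server's public IP address>
Make sure to replace "<your server's public IP address>" with your own public IP address. The firewall must also accept inbound TCP connections on the pasv_min_port to pasv_max_port range: a firewall that tracks FTP control traffic cannot see the negotiated data port once the control connection is encrypted with SSL/TLS.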
Limit User Access
To improve security, you may want to limit the directories that FTP users can access. You can do this by creating a chroot jail, which restricts users to their own home directory and prevents them from accessing other parts of the file system.
To create a chroot jail for the users named in a list file, add the following lines to the VSFTPD configuration file. chroot_local_user must be NO here: when it is set to YES together with chroot_list_enable=YES, the list instead names the users who are exempt from the jail −
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
Then, create the chroot list file and add the usernames of the users you want to restrict to their home directories −
sudo nano /etc/vsftpd/chroot_list
ftpuser1
ftpuser2
Save and close the file.
Enable Logging
To monitor FTP server activity and troubleshoot issues, you can enable logging in VSFTPD. By default, VSFTPD logs to the system log file, but you can also configure it to log to a separate file.
To enable logging to a separate file, add the following lines to the VSFTPD configuration file −
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
Then, create the log file and set appropriate permissions −
sudo touch /var/log/vsftpd.log
sudo chmod 644 /var/log/vsftpd.log
Restart VSFTPD to apply the changes −
sudo systemctl restart vsftpd
Now, VSFTPD will log all FTP server activity to the specified log file.
Use SFTP Instead of FTP
SFTP (SSH File Transfer Protocol) is a more secure alternative to FTP that uses encryption to protect data in transit. If you're concerned about the security of your FTP server, you may want to consider using SFTP instead.
To set up an SFTP server on CentOS 7, you can use OpenSSH, which is included with the operating system. OpenSSH provides both SSH access and SFTP file transfer capabilities.
To enable SFTP for a user, open the SSH server configuration file and add the following lines −
sudo nano /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match User ftpuser
ChrootDirectory /home/ftpuser
ForceCommand internal-sftp
Make sure to replace "ftpuser" with the username of the user you want to enable SFTP for. If the file already contains a Subsystem sftp line, change it instead of adding a second one, because sshd rejects duplicates. The ChrootDirectory path and every directory above it must be owned by root and not writable by any other user or group, otherwise sshd refuses the login.
Save and close the file.
Then, restart the SSH service to apply the changes −
sudo systemctl restart sshd
Now, the user can connect to the SFTP server using their SSH credentials and transfer files securely.
Use Virtual Users
By default, VSFTPD uses system users to authenticate FTP connections. However, you can also use virtual users, which are defined in a separate user database and don't require a system account.
Using virtual users can be more secure since you don't need to create a system account for every FTP user. It also allows you to specify different permissions for different users.
To use virtual users with VSFTPD, you'll need to install a user database and configure VSFTPD to use it. One popular user database is PAM (Pluggable Authentication Modules).
To install PAM, run the following command −
sudo yum install pam
Then, create a PAM configuration file for VSFTPD −
sudo nano /etc/pam.d/vsftpd
Add the following lines to the file −
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so
Save and close the file.
Create a new user database and add some virtual users −
sudo touch /etc/vsftpd/ftpd.passwd
sudo htpasswd -c /etc/vsftpd/ftpd.passwd ftpuser1
sudo htpasswd /etc/vsftpd/ftpd.passwd ftpuser2
Replace "ftpuser1" and "ftpuser2" with the usernames of your virtual users.
Then, configure VSFTPD to use the new user database −
sudo nano /etc/vsftpd/vsftpd.conf
Add the following lines to the file −
guest_enable=YES
guest_username=ftp
user_sub_token=$USER
local_root=/var/www/$USER
virtual_use_local_privs=YES
pam_service_name=vsftpd
Save and close the file.
Restart VSFTPD to apply the changes −
sudo systemctl restart vsftpd
Now, you can connect to the FTP server using the virtual users you created.
Use FTPS Instead of FTP
FTPS (FTP over SSL/TLS) is another secure alternative to FTP that uses encryption to protect data in transit. Unlike SFTP, which uses the SSH protocol, FTPS uses SSL/TLS encryption to secure FTP connections.
To use FTPS with VSFTPD, you'll need to obtain an SSL/TLS certificate and configure VSFTPD to use it, as we described earlier in this article.
Then, add the following lines to the VSFTPD configuration file to enable FTPS −
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
Make sure to replace "example.com" with your own domain name.
Restart VSFTPD to apply the changes −
sudo systemctl restart vsftpd
Now, you can connect to the FTP server using FTPS to transfer files securely.
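As an added example (not part of the original article or of the vsftpd project), the following shell functions audit a vsftpd.conf for three of the settings discussed above: anonymous uploads from Step 3, missing or optional SSL/TLS, and the chroot list. The function names, the WARN labels and the sample configuration are constructed for illustration; the defaults passed to conf_get are vsftpd's built-in defaults:

```shell
#!/bin/sh
# Added example (not from the original article): audit vsftpd.conf settings.

# Effective value of KEY in FILE: last uncommented KEY=value wins, else DEFAULT.
# The defaults passed below are vsftpd's built-in ones from vsftpd.conf(5).
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = $2 }
        END { sub(/[ \t\r]+$/, "", v); print (v == "" ? d : v) }' "$1"
}

# Print one WARN line per risky setting; return 1 if any was found.
audit_vsftpd_conf() {
    f=$1; rc=0
    warn() { echo "WARN $1"; rc=1; }
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ] &&
       [ "$(conf_get "$f" write_enable NO)" = YES ] &&
       [ "$(conf_get "$f" anon_upload_enable NO)" = YES ]; then
        warn "anon-upload: anonymous logins can upload where the ftp user can write"
    fi
    if [ "$(conf_get "$f" ssl_enable NO)" != YES ]; then
        warn "cleartext: ssl_enable is off, passwords and data are unencrypted"
    elif [ "$(conf_get "$f" force_local_logins_ssl YES)" != YES ] ||
         [ "$(conf_get "$f" force_local_data_ssl YES)" != YES ]; then
        warn "tls-optional: clients may still log in or transfer without TLS"
    fi
    if [ "$(conf_get "$f" chroot_local_user NO)" = YES ] &&
       [ "$(conf_get "$f" chroot_list_enable NO)" = YES ]; then
        warn "chroot-list-inverted: users in chroot_list_file are NOT jailed"
    fi
    return $rc
}

# Constructed sample: Step 3 settings, no TLS lines, and both chroot options
# set to YES. anonymous_enable is commented out, so the built-in YES applies.
sample_conf() {
    cat <<'EOF'
#anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
EOF
}
```

Run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; the exit status is 1 when any warning is printed.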
Conclusion
In this article, we showed you how to install and configure VSFTPD, a lightweight and secure FTP server for Unix-like systems. By following these steps, you can quickly set up an FTP server on your CentOS 7 machine and start sharing files with other computers on your network.