How To Install an FTP Server on CentOS 7 With VSFTPD?

If you're looking for a reliable and efficient way to share files between computers on a network, FTP (File Transfer Protocol) is a popular option. In this article, we'll walk you through the steps to install an FTP server on CentOS 7 using VSFTPD (Very Secure FTP Daemon), a lightweight and secure FTP server for Unix-like systems.

Step 1: Update System

Before installing any new packages, it's always a good idea to update your system to ensure that you have the latest security patches and software updates. To do this, run the following command

sudo yum update

Step 2: Install VSFTPD

To install VSFTPD on CentOS 7, run the following command

sudo yum install vsftpd

Once the installation is complete, you can start the service and enable it to start automatically at boot time with the following commands

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Step 3: Configure VSFTPD

Next, we need to configure VSFTPD to allow FTP connections and specify FTP user accounts. Open the VSFTPD configuration file with your favorite text editor. We'll use nano in this example

sudo nano /etc/vsftpd/vsftpd.conf

Make the Following Changes to the Configuration File

Uncomment the following line to allow local users to log in

local_enable=YES

Uncomment the following line to allow write access to the FTP server

write_enable=YES

For anonymous uploads, uncomment this line (optional)

anon_upload_enable=YES

Add the following lines to the end of the file to specify FTP user accounts

userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

Save and close the file.

Step 4: Create FTP User Accounts

Now, let's create some FTP user accounts. You can create a new user account with the following command

sudo useradd -m ftpuser

This command creates a new user account with the username "ftpuser" and creates a home directory for that user. Set a password for the new user with the following command

sudo passwd ftpuser

Add the new user to the VSFTPD user list with the following command

sudo bash -c 'echo "ftpuser" >> /etc/vsftpd/user_list'

Step 5: Configure Firewall

By default, CentOS 7 comes with a firewall enabled, which may block incoming FTP connections. You can allow FTP traffic by adding a rule to the firewall

sudo firewall-cmd --add-service=ftp --permanent
sudo firewall-cmd --reload

Step 6: Test FTP Server

Finally, let's test the FTP server to make sure everything is working correctly. Open your FTP client and connect to your server using the server's IP address or hostname, and the FTP user account you created earlier. If everything is working correctly, you should be able to upload and download files from the server.

Security Enhancements

Enable SSL/TLS Encryption

FTP is an unencrypted protocol, which means that data transferred over the network can be intercepted. To enhance security, you can enable SSL/TLS encryption for your FTP server by adding the following lines to the VSFTPD configuration file

ssl_enable=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem

Configure Passive Mode

By default, FTP uses active mode, which can cause problems if your server is behind a NAT firewall. To avoid these issues, configure VSFTPD to use passive mode by adding these lines

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_address=<your_server_public_ip>

Limit User Access with Chroot

To improve security, you can restrict users to their home directories by creating a chroot jail. Add these lines to the VSFTPD configuration file

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Then create the chroot list file and add usernames

sudo nano /etc/vsftpd/chroot_list

Enable Logging

To monitor FTP server activity, enable logging by adding these lines to the configuration file

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Create the log file and set permissions

sudo touch /var/log/vsftpd.log
sudo chmod 644 /var/log/vsftpd.log
sudo systemctl restart vsftpd

Alternative: SFTP Setup

SFTP (SSH File Transfer Protocol) is a more secure alternative to FTP that uses encryption. To enable SFTP for a user, modify the SSH configuration

sudo nano /etc/ssh/sshd_config

Add the following configuration

Subsystem sftp internal-sftp
Match User ftpuser
    ChrootDirectory /home/ftpuser
    ForceCommand internal-sftp

Restart the SSH service

sudo systemctl restart sshd

Conclusion

In this article, we showed you how to install and configure VSFTPD on CentOS 7, including basic setup, security enhancements, and alternative SFTP configuration. VSFTPD provides a lightweight and secure solution for file sharing, with various options to enhance security through SSL/TLS encryption, user restrictions, and proper firewall configuration.