In this article, we are going to learn how to configure the vsftpd Linux FTP server on Redhat/CentOS/Fedora. Vsftpd, which stands for Very Secure File Transfer Protocol, is an FTP server used to transfer data over the network securely. The port number of the vsftpd server is 21. The vsftpd Linux FTP server is available for all Linux distros like Redhat, Debian, Ubuntu, etc.
Follow the steps below to configure the vsftpd Linux FTP server on Redhat/CentOS/Fedora:
Step 1: Install Package for Linux FTP Server (Vsftpd Server)
Before we start configuring the vsftpd Linux FTP server, we have to install the required packages. To do so, run the command below.
    [root@localhost ~]# yum -y install vsftpd   # Install Vsftpd Linux FTP Server Package
    Loaded plugins: fastestmirror, refresh-packagekit, security
    Loading mirror speeds from cached hostfile
     * base: centos-hcm.viettelidc.com.vn
     * extras: centos-hcm.viettelidc.com.vn
     * updates: centos.excellmedia.net
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package vsftpd.x86_64 0:2.2.2-24.el6 will be installed
    --> Finished Dependency Resolution
    Dependencies Resolved
    ================================================================================
     Package          Arch          Version              Repository          Size
    ================================================================================
    Installing:
     vsftpd           x86_64        2.2.2-24.el6         base               156 k
    Transaction Summary
    ================================================================================
    Install 1 Package(s)
    Total download size: 156 k
    Installed size: 340 k
    Downloading Packages:
    vsftpd-2.2.2-24.el6.x86_64.rpm | 156 kB 00:01
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : vsftpd-2.2.2-24.el6.x86_64 1/1
      Verifying : vsftpd-2.2.2-24.el6.x86_64 1/1
    Installed:
      vsftpd.x86_64 0:2.2.2-24.el6
    Complete!
To confirm the package installation, we can use the rpm -qa command. Refer to the command below.
    [root@localhost ~]# rpm -qa | grep vsftpd   # Confirm the Package Installation
    vsftpd-2.2.2-24.el6.x86_64
After installing the vsftpd package, we have to check the locations of the files the vsftpd Linux FTP server needs, such as the main configuration file (vsftpd.conf), the vsftpd user restriction files and many more.
    [root@localhost ~]# rpm -ql vsftpd   # Query the Files & Directory location of Installed Package
    /etc/logrotate.d/vsftpd
    /etc/pam.d/vsftpd
    /etc/rc.d/init.d/vsftpd              # Used to Start/Stop/Restart vsftpd service
    /etc/vsftpd
    /etc/vsftpd/ftpusers                 # Used to Restrict User from Login Vsftpd Server
    /etc/vsftpd/user_list                # Allow/DisAllow Users from Login Vsftpd Server
    /etc/vsftpd/vsftpd.conf              # Main Configuration File of Linux FTP Server
    /etc/vsftpd/vsftpd_conf_migrate.sh
    /usr/sbin/vsftpd                     # Binary File
    /var/ftp
    /var/ftp/pub                         # Default Document Directory
Step 2: Start the Vsftpd Service
Start the Vsftpd Linux FTP Server service using the below command.
    [root@localhost ~]# /etc/init.d/vsftpd start   # Start the Vsftpd Service
    Starting vsftpd for vsftpd: [ OK ]
We have to enable the vsftpd service at system startup; otherwise, every time we restart the system we have to start the service manually again. We can enable the service at startup using the chkconfig command. Refer to the command below.
    [root@localhost ~]# chkconfig --level 35 vsftpd on   # Start the Vsftpd service at startup
    [root@localhost ~]# chkconfig --list vsftpd          # Confirm the Startup Setting
    vsftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Step 3: Configure Vsftpd Linux FTP Server
Note: Restart the vsftpd service after every change so that it takes effect, using the command below.
    [root@localhost ~]# /etc/init.d/vsftpd restart
    Shutting down vsftpd: [ OK ]
    Starting vsftpd for vsftpd: [ OK ]
Now let’s understand some very important directives of the vsftpd Linux FTP server. One of the most important and useful is anonymous_enable.
We have two anonymous users in Linux, i.e. ftp and anonymous. If you want to allow logins to the vsftpd server as the anonymous users, edit the /etc/vsftpd/vsftpd.conf file, search for anonymous_enable and set it to anonymous_enable=YES. Refer to the sample output below.
Note: The password for the anonymous users, i.e. ftp and anonymous, is blank. That is, neither user has a password, so just press Enter when asked for the password.
    [root@localhost ~]# nano /etc/vsftpd/vsftpd.conf   # Edit the Vsftpd Linux FTP Server Main Configuration File
    # Allowing to Login Vsftpd Server using Anonymous Users
    anonymous_enable=YES
Restart the vsftpd service using the command below to apply the changes.
    [root@localhost ~]# /etc/init.d/vsftpd restart   # Restart the Vsftpd Service
    Shutting down vsftpd: [ OK ]
    Starting vsftpd for vsftpd: [ OK ]
Now let’s try logging in as the anonymous users, i.e. ftp and anonymous. Refer to the sample output below.
    [root@localhost ~]# ftp localhost   # Logging in using "ftp" User
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): ftp
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> bye
    221 Goodbye.
    [root@localhost ~]# ftp localhost   # Logging in using anonymous User
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> bye
    221 Goodbye.
Now, if you want to disable anonymous logins, set anonymous_enable=NO. Along with that, set local_enable=YES so that local users are able to log in to the vsftpd Linux FTP server. Refer to the sample output below.
    [root@localhost ~]# nano /etc/vsftpd/vsftpd.conf
    # Disable Login Anonymous Users
    anonymous_enable=NO
    # Allow Login Local Users
    local_enable=YES
Restart the vsftpd service after saving the changes.
Here I have a user named helpdesk. So let’s try to log in to the vsftpd Linux FTP server as helpdesk.
    [root@localhost ~]# ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): helpdesk
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
If you set local_enable=NO together with anonymous_enable=NO, you will get the error message below.
    [root@localhost ~]# ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    500 OOPS: vsftpd: both local and anonymous access disabled!
To control user logins to the vsftpd Linux FTP server we have two useful files, i.e. /etc/vsftpd/user_list and /etc/vsftpd/ftpusers. So let’s understand the uses of both files.
- /etc/vsftpd/ftpusers : Users added to this file are not allowed to log in via FTP. For example, I have added one of my users, i.e. helpdesk. Now let’s try to log in via FTP as helpdesk.
    [root@localhost ~]# nano /etc/vsftpd/ftpusers
    # Users that are not allowed to login via ftp
    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    news
    uucp
    operator
    games
    nobody
    helpdesk
As you can see below, I am unable to log in via FTP as the user helpdesk. So you can use this file to restrict users from accessing the vsftpd server.
Sample Output :
    [root@localhost ~]# ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): helpdesk
    331 Please specify the password.
    Password:
    530 Login incorrect.
    Login failed.
Now let’s move on to our next file, i.e. /etc/vsftpd/user_list. You can use this file to either allow or disallow users from logging in via the FTP server. If you set userlist_deny=NO in the /etc/vsftpd/vsftpd.conf file, then the users listed in this file are allowed to log in via the FTP server, and if you set userlist_deny=YES in the /etc/vsftpd/vsftpd.conf file, then the users listed in this file are not allowed to log in via the FTP server. I have tried both scenarios using the user helpdesk. Refer to the sample output below.
    [root@localhost ~]# nano /etc/vsftpd/user_list   # Add the User by edit the File
    # vsftpd userlist
    # If userlist_deny=NO, only allow users in this file
    # If userlist_deny=YES (default), never allow users in this file, and
    # do not even prompt for a password.
    # Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
    # for users that are denied.
    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    news
    uucp
    operator
    games
    nobody
    helpdesk
First I tried using userlist_deny=YES and got the below output.
    [root@localhost ~]# ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): helpdesk
    530 Permission denied.
    Login failed.
Then when I tried userlist_deny=NO, I was able to log in successfully via the vsftpd Linux FTP server.
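How the two files combine for a single login attempt can be modelled in a few lines of shell. This is an added example, not code from the original article or from vsftpd; it assumes a correct password, takes vsftpd's userlist_enable option (which decides whether user_list is consulted at all) as a parameter, and uses constructed file contents. Note that with userlist_deny=NO the stock user_list becomes an allow-list that still names root, so ftpusers is the only thing keeping such accounts out.

```shell
#!/bin/sh
# Added example: model how user_list and ftpusers combine for one login attempt.

# in_list FILE USER: succeeds when USER is a non-comment line of FILE.
in_list() {
    grep -v '^[[:space:]]*#' "$1" | grep -qxF "$2"
}

# ftp_login_result USER USERLIST_ENABLE USERLIST_DENY USER_LIST FTPUSERS
# Prints the reply a user who types the correct password would get.
ftp_login_result() {
    if [ "$2" = YES ]; then
        # user_list is checked when the user name is sent, before any password.
        if [ "$3" = YES ] && in_list "$4" "$1"; then
            echo "530 Permission denied."; return 0
        fi
        if [ "$3" = NO ] && ! in_list "$4" "$1"; then
            echo "530 Permission denied."; return 0
        fi
    fi
    # ftpusers is enforced through PAM after the password prompt,
    # whatever user_list decided.
    if in_list "$5" "$1"; then
        echo "530 Login incorrect."; return 0
    fi
    echo "230 Login successful."
}

# Constructed sample files: system accounts plus helpdesk in user_list,
# system accounts only in ftpusers. "alice" is a hypothetical unlisted user.
dir=$(mktemp -d)
printf '%s\n' '# vsftpd userlist' root bin daemon helpdesk > "$dir/user_list"
printf '%s\n' '# denied via PAM' root bin daemon > "$dir/ftpusers"

for deny in YES NO; do
    for user in helpdesk root alice; do
        printf 'userlist_deny=%s %-8s -> %s\n' "$deny" "$user" \
            "$(ftp_login_result "$user" YES "$deny" "$dir/user_list" "$dir/ftpusers")"
    done
done
rm -rf "$dir"
```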
Some Important & Useful Global Syntax of Vsftpd Server for Basic Configuration :
- anonymous_enable : To Enable/Disable Anonymous Login Via FTP.
- local_enable : To Enable/Disable login local Users via FTP.
- write_enable : Used to allow users to Write on Vsftpd Linux FTP Server.
- anon_mkdir_write_enable : Allow Anonymous Users to Create a directory on FTP Server.
- anon_upload_enable : Allow anonymous users to upload data on FTP Server.
- idle_session_timeout : Sets the idle session timeout in seconds.
For more vsftpd syntax and directives, you can refer to this link.
Now let’s perform a task and configure the vsftpd Linux FTP server to make the concept clearer.
The task is to configure the vsftpd Linux FTP server (basic configuration) with the settings below:
- Disable Anonymous Login
- Session Timeout in 600 Seconds
- Allow Local Users Login
- All users should be able to write in FTP Server
For the above task, edit the /etc/vsftpd/vsftpd.conf file, search for the directives below and set them as I have shown.
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    idle_session_timeout=600
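One way to confirm that a vsftpd.conf really yields these four settings, as an added example that is not part of the original article: the script reads the effective value of each directive, falling back to vsftpd's documented built-in default when the line is missing or commented out, and flags values followed by a space or trailing comment, which vsftpd does not accept. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a vsftpd.conf with the four task settings above.

# effective_opt FILE KEY DEFAULT
# Prints the upper-cased value of the last uncommented "KEY=value" line, or
# DEFAULT (vsftpd's built-in default, per vsftpd.conf(5)) when KEY is never set.
effective_opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${v:-$3}"
}

# check_task FILE
# Prints one line per problem; the return status is the number of problems.
check_task() {
    bad=0
    while read -r key want default; do
        got=$(effective_opt "$1" "$key" "$default")
        if printf '%s' "$got" | grep -q '[[:space:]#]'; then
            # vsftpd takes everything after "=" as the value, so a space or
            # a trailing comment on the same line breaks the directive.
            echo "$key: malformed value '$got'"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "$key: effective value is $got, task requires $want"
            bad=$((bad + 1))
        fi
    done <<EOF
anonymous_enable NO YES
local_enable YES NO
write_enable YES NO
idle_session_timeout 600 300
EOF
    return "$bad"
}

# Constructed sample: anonymous login left on, local_enable commented out,
# and a trailing comment after write_enable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#local_enable=YES
write_enable=YES # allow uploads
idle_session_timeout=600
EOF
check_task "$sample" || echo "$? setting(s) differ from the task"
rm -f "$sample"
```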
Troubleshooting :
You may get an error like 500 OOPS: cannot change directory while connecting to the FTP server:
    [root@localhost ~]# ftp localhost
    Trying ::1...
    ftp: connect to address ::1Connection refused
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (localhost:root): helpdesk
    331 Please specify the password.
    Password:
    500 OOPS: cannot change directory:/home/helpdesk
    Login failed.
Solution: Disable SELinux using the steps below.
    [root@localhost ~]# setenforce 0
    [root@localhost ~]# getenforce
    Permissive
    [root@localhost ~]# nano /etc/sysconfig/selinux
    SELINUX=disabled
The vsftpd Linux FTP server comes with a huge range of features, and it’s not possible to include all of those settings in one article. I will write another article on the advanced features of the vsftpd server.
That’s all. In this article, we have explained how to configure the Linux FTP server (vsftpd server) on Redhat/CentOS/Fedora. I hope you enjoyed this article. If you like this article, then just share it. If you have any questions about this article, please comment.
thank you so much
Great teaching..