vsftpd_centos []

This is an old revision of the document!

Installing

        
              yum install vsftpd
chkconfig vsftpd on

Configuring /etc/vsftpd/vsftpd.conf

You should edit your /etc/vsftpd/vsftpd.conf file similar to the following:

        
          
          
              
              anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# the below lines may need to be manually added
pasv_min_port=60000
pasv_max_port=65000

            

        
      

Chrooting User

If you would like to chroot the users you can add the following line to the bottom of /etc/vsftpd/vsftpd.conf

#for chrooting users add the following lines:

        
              chroot_local_user=NO
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

The line: chroot_local_user=YES will chroot users in their home directory You will then need to create the following file /etc/vsftpd/vsftpd.chroot_list even if you leave it empty. If you change chroot_list_enable to yes then you will need to put users in vsftpd.chroot_list that you wish NOT to be chrooted as everyone will be by default.

Note: you will need to create the file even if you leave it empty

        
              /etc/vsftpd/vsftpd.chroot_list

Once you have done this you should start vsftpd with:

        
              service vsftpd start

Firewall Rules:

        
              iptables -I INPUT -p tcp --dport 21 -m comment -comment "FTP" -j ACCEPT
 
iptables -I INPUT -p tcp -m multiport --dports 60000:65000 -m comment -comment "FTP passive mode ports" -j ACCEPT

        
              /etc/init.d/iptables save

You should then edit /etc/sysconfig/iptables-sysconfig and make sure the following lines look like:

        
              IPTABLES_MODULES="nf_conntrack_ftp"

Adding and modifying Users

useradd -m -s /sbin/nologin username will create a user without the access to ssh into the server which is more secure if the user is only being used for FTP (they will still be able to user FTP + vsFTPd, NOT sFTP)

useradd –d /home/directory/ username this adds a user with a specific home directory. This is good for chrooting a user to a specific directory.

Adding a new user straight into a group useradd -G {group-name} username

Alternivately you are able to use the following command to add a new user straight into a group you have created with a home directory of /var/www/html and NO shell login (only useable as FTP user)

        
              useradd -G groupname -home /var/www/testftp/ -m -s /sbin/nologin newusername

Don’t forget to set the password for the user with:

        
              passwd username

you will then be prompted to change the password for the user