Setting up FTP via vsftpd in Linux


VSFTPD (Very Secure FTP Server Daemon) is one of the most commonly used FTP servers under Linux and comes with most Linux distributions.

This article will help you install and configure vsftpd in Linux. (The sample OS used is a Red Hat-based distribution.)

GOALS:

* to create a secure FTP server
* to create an FTP user chrooted (jailed) in a certain directory (the sample use is an Apache directory, where you can limit users or your developers to uploading to a restricted folder)

The procedure, with the actual output, is as follows:

A. INSTALLATION

# yum install vsftpd

Loaded plugins: refresh-packagekit
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 4.0 MB     00:10
fedora                                                   | 2.8 kB     00:00
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.i386 0:2.0.7-2.fc10 set to be updated
updates/filelists_db                                                                                   | 7.3 MB     00:18
fedora/filelists_db                                                                                    |  11 MB     00:24
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================
Package                     Arch                      Version                             Repository                    Size
======================================================================================================
Installing:
vsftpd                      i386                      2.0.7-2.fc10                        updates                      145 k

Transaction Summary
======================================================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 145 k
Is this ok [y/N]:y

Downloading Packages:
vsftpd-2.0.7-2.fc10.i386.rpm                                                                              | 145 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : vsftpd                                                                                                    1/1
Installed:
vsftpd.i386 0:2.0.7-2.fc10
Complete!

B. Edit configuration file (self-explanatory)

# vi /etc/vsftpd/vsftpd.conf

Here are the important lines that you need to modify:

# Turn off anonymous users
anonymous_enable=NO

# Turn on local users
local_enable=YES

# Users should be able to write
write_enable=YES

# chroot everyone
chroot_local_user=YES

# Create userlist
userlist_file=/etc/vsftpd/vsftpd.userlist

C. Create an FTP account (example: create FTP user darwin)

# useradd -d /home/Sites/ -s /sbin/nologin darwin
# passwd darwin

D. Add it to the vsftpd service userlist

# vi /etc/vsftpd/vsftpd.userlist

Add the FTP name pmorris. This will be the output once included:

# cat /etc/vsftpd/vsftpd.userlist
darwin

E. Add an FTP group e.g. ftpusers

# groupadd ftpusers

Example directory where we will jail the ftp users: /home/Sites

F. Change the ownership of the directory, e.g. root:ftpusers

The /home/Sites folder ownership is currently set to root:ftpusers with permission 775 (meaning all FTP users should be in the group “ftpusers”, which has read-write-execute permission):
drwxrwxr-x 13 root      ftpusers   4096 Jan 28 15:23 Sites

G. Add the FTP user to the ftpusers group

# vi /etc/group

This will be the output once included:
ftpusers:x:502:darwin

Alternatively, you can use the following command (-a appends, so any other supplementary groups of darwin are kept):

# usermod -a -G ftpusers darwin
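The following script is an added example, not part of the original article. It audits a vsftpd.conf against the goals above and shows how vsftpd treats the user list from steps B and D. Per the vsftpd.conf man page, userlist_file is only read when userlist_enable=YES, and with the default userlist_deny=YES the listed users are denied rather than allowed. The function names conf_get, is_yes and audit_vsftpd are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings this article relies on.
# Option defaults are the ones documented in the vsftpd.conf man page.

# conf_get FILE KEY DEFAULT: print the effective value of KEY (last one taken).
# Lines are KEY=VALUE with no spaces around "="; "#" lines are comments.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${v:-$3}"
}

# is_yes FILE KEY DEFAULT: succeed if the boolean option is effectively YES.
is_yes() {
    [ "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" = "YES" ]
}

# audit_vsftpd CONF USER: print findings, return how many there were.
audit_vsftpd() {
    conf=$1 user=$2 n=0
    finding() { echo "FINDING: $1"; n=$((n + 1)); }

    is_yes "$conf" anonymous_enable YES && finding "anonymous login is enabled"
    is_yes "$conf" local_enable NO || finding "local users cannot log in"
    is_yes "$conf" chroot_local_user NO || finding "local users are not chrooted"

    # Upstream default path; distribution packages may use another one.
    list=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
    if ! is_yes "$conf" userlist_enable NO; then
        finding "userlist_enable is not YES, so $list is never read"
    elif is_yes "$conf" userlist_deny YES; then
        finding "userlist_deny is YES: users in $list are denied, not allowed"
    elif ! grep -qxF "$user" "$list" 2>/dev/null; then
        finding "$user is missing from allow list $list"
    fi
    return "$n"
}

# Constructed sample: the step B settings plus the step D user list.
tmp=$(mktemp -d)
printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
    chroot_local_user=YES "userlist_file=$tmp/vsftpd.userlist" > "$tmp/vsftpd.conf"
echo darwin > "$tmp/vsftpd.userlist"
audit_vsftpd "$tmp/vsftpd.conf" darwin || echo "$? finding(s)"
rm -rf "$tmp"
```

For the list from step D to act as an allow list, vsftpd.conf also needs userlist_enable=YES and userlist_deny=NO.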

Testing:
Using your favorite FTP client, such as FileZilla, or the CLI, you can test the functionality by uploading, deleting, or creating folders on the server.

————————————————————————————————————————
[root@darwin ~]# ftp ip.of.the.server
Connected to ip.of.the.server (ip.of.the.server).
220 (vsFTPd 2.0.5)
Name (ip.of.the.server:root): darwin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Switching to Binary mode.
ftp> bye
221 Goodbye.
