Build up an FTP site (CentOS 7 Linux)

vsftpd (very secure FTP daemon) is a small, light, fast, safe and easy-to-use FTP server software under Linux. This tutorial describes how to install and configure vsftpd on a Linux instance.

Background Information

FTP (File Transfer Protocol) is a file transfer protocol based on a client/server architecture and supports the following two working modes:

  • Active mode: The client sends port information to the FTP server, and the server actively connects to the port.
  • Passive mode: The FTP server opens and sends port information to the client. The client connects to the port, and the server passively accepts the connection.

This article mainly introduces the configuration method of using local users to access the FTP server in passive mode. 

The sample steps in this article use the following resource versions:

  • Instance specifications: ecs.c6.large
  • Operating system: CentOS 7.2 64 bit
  • vsftpd: 3.0.2

When you use different software versions, you may need to adjust the command and parameter configuration according to the actual situation.

Step 1: Install vsftpd

1. Remotely connect to the Linux instance.

2. Run the following command to install vsftpd.

yum install -y vsftpd

When the interface as shown in the figure below appears, the installation is successful.

3. Run the following command to set the FTP service to start automatically at boot.

systemctl enable vsftpd.service

4. Run the following command to start the FTP service.

systemctl start vsftpd.service

5. Run the following command to check the port monitored by the FTP service.

netstat -antup | grep ftp

The interface as shown in the figure below appears, indicating that the FTP service has been started and the listening port number is 21. At this point, vsftpd has enabled anonymous access by default. You can log in to the FTP server without entering a user name and password, but you do not have the authority to modify or upload files.

Step 2: Configure vsftpd

To ensure data security, this article mainly introduces the configuration method of using local users to access the FTP server in passive mode.

1. Run the following command to create a Linux user for the FTP service. In this example, the user name is ftptest.

adduser ftptest

2. Run the following command to change the password of the ftptest user.

passwd ftptest

After running the command, follow the command line prompts to complete the FTP user password modification.

3. Run the following command to create a file directory for the FTP service.

mkdir /var/ftp/test

4. Run the following command to create a test file.
This test file is used when the FTP client accesses the FTP server.

touch /var/ftp/test/testfile.txt

5. Run the following command to change the owner of the /var/ftp/test directory to ftptest.

chown -R ftptest:ftptest /var/ftp/test

6. Modify the vsftpd.conf configuration file.

  • Run the following command to open the vsftpd configuration file. If you installed vsftpd with the apt install vsftpd command, the configuration file path is /etc/vsftpd.conf.

vim /etc/vsftpd/vsftpd.conf

  • Press i to enter edit mode.
  • Configure the FTP server to be in passive mode. The specific configuration parameters are described as follows:

# Use the default values for all parameters except those mentioned below.

# Change the values of the following parameters:
# Disable anonymous login to the FTP server.
anonymous_enable=NO
# Allow local users to log in to the FTP server.
local_enable=YES
# Listen on IPv4 sockets.
listen=YES

# Comment out the following parameter by adding # at the beginning of the line:
# Stop listening on IPv6 sockets.
#listen_ipv6=YES

# Add the following parameters to the end of the configuration file:
# Set the directory where the local user lands after logging in.
local_root=/var/ftp/test
# Restrict all users to their home directory.
chroot_local_user=YES
# Enable the exception user list.
chroot_list_enable=YES
# Specify the exception user list file. Users in the list are not locked in the home directory.
chroot_list_file=/etc/vsftpd/chroot_list
# Enable passive mode.
pasv_enable=YES
# Allow login when the chroot directory is writable by the user (vsftpd otherwise refuses the login).
allow_writeable_chroot=YES
# Address advertised to clients in passive mode. In this tutorial, it is the public IP address of the Linux instance.
pasv_address=<public IP address of the FTP server>
# Set the lowest port available for data transfer in passive mode.
# It is recommended that you set the port range to a relatively high range, such as 50000~50010, to improve the security of accessing the FTP server.
pasv_min_port=<port number>
# Set the highest port available for data transfer in passive mode.
pasv_max_port=<port number>

  • Press Esc to exit the editing mode, then type :wq and press Enter to save and close the file.

7. Create a chroot_list file and write a list of exception users in the file.

  • Run the following command to create the chroot_list file.

vim /etc/vsftpd/chroot_list

  • Press i to enter edit mode.
  • Enter the list of exception users. Users in this list will not be locked in the home directory and can access other directories.
  • Press Esc to exit the editing mode, then type :wq and press Enter to save and close the file.

8. Run the following command to restart the vsftpd service.

systemctl restart vsftpd.service
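
The settings from step 6 can be checked mechanically. The script below is an added example, not part of the original tutorial: it audits a vsftpd.conf for malformed directives (vsftpd option names are lowercase and no space may surround "="), for anonymous login, for the chroot setting and for a bounded passive port range. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a vsftpd.conf
# against the settings chosen in Step 2.

# conf_get FILE OPTION: print the last value assigned to OPTION (empty if unset).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd FILE: print one finding per line; no output means the file passes.
audit_vsftpd() {
    conf=$1
    # vsftpd option names are lowercase and no space may surround "=".
    grep -nE '^[^#=]*[[:upper:][:space:]][^=]*=|^[^#=]+=[[:space:]]' "$conf" |
        sed 's/^\([0-9]*\):.*/line \1: malformed directive/'
    # anonymous_enable defaults to YES, so it must be set to NO explicitly.
    [ "$(conf_get "$conf" anonymous_enable)" = NO ] ||
        echo "anonymous_enable is not NO"
    [ "$(conf_get "$conf" chroot_local_user)" = YES ] ||
        echo "chroot_local_user is not YES"
    # A bounded passive range is what lets the security group stay narrow.
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    case "$min:$max" in
        :*|*:|*[!0-9:]*) echo "pasv_min_port/pasv_max_port unset or not numeric" ;;
        *) [ "$min" -le "$max" ] || echo "pasv_min_port exceeds pasv_max_port" ;;
    esac
}

# Constructed sample with two mistakes: a capitalised, spaced pasv_address
# line and no anonymous_enable=NO. 203.0.113.10 is a documentation address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local_enable=YES
chroot_local_user=YES
Pasv_address = 203.0.113.10
pasv_min_port=50000
pasv_max_port=50010
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```

On the instance, run audit_vsftpd /etc/vsftpd/vsftpd.conf; an empty result means none of the checked settings deviates from the tutorial.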

Step 3: Set up a security group

After setting up the FTP site, add a rule in the inbound direction of the instance security group and allow the following FTP ports.

In passive mode, open port 21 and all ports between pasv_min_port and pasv_max_port as set in the configuration file /etc/vsftpd/vsftpd.conf. The configuration details are shown in the table below.

| Rule direction | Authorization policy | Protocol type | Port range | Authorization object |
| --- | --- | --- | --- | --- |
| Inbound | Allow | Custom TCP | 21/21 | The public IP addresses of all clients that want to access the FTP server; multiple addresses are separated by commas. When all clients are allowed to access, the authorization object is 0.0.0.0/0. |
| Inbound | Allow | Custom TCP | pasv_min_port/pasv_max_port. For example: 50000/50010 | The public IP addresses of all clients that want to access the FTP server; multiple addresses are separated by commas. When all clients are allowed to access, the authorization object is 0.0.0.0/0. |
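
The port information the server sends in passive mode is the reply "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" from RFC 959, where the data port is p1*256 + p2. The script below is an added example, not part of the original tutorial: it decodes such a reply and reports whether the advertised endpoint is reachable through the rules above, flagging a private (RFC 1918) address or a port outside the opened range. The function names and sample replies are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): decode a PASV reply and
# check it against the port range opened in the security group.

# pasv_endpoint REPLY: print "ip port" from a "227 ... (h1,h2,h3,h4,p1,p2)" reply.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums            # split the six comma-separated numbers
    IFS=$old_ifs
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# pasv_check REPLY MIN MAX: print "ok ip:port", or the reason an Internet
# client could not open the data connection (return status 1).
pasv_check() {
    ep=$(pasv_endpoint "$1") || { echo "not a PASV reply"; return 1; }
    ip=${ep% *}; port=${ep#* }
    case "$ip" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            echo "private address $ip advertised: set pasv_address"; return 1 ;;
    esac
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo "port $port outside $2-$3"; return 1
    fi
    echo "ok $ip:$port"
}

# Constructed replies; 203.0.113.10 is a documentation address.
for reply in \
    "227 Entering Passive Mode (203,0,113,10,195,85)." \
    "227 Entering Passive Mode (172,16,0,5,195,85)." \
    "227 Entering Passive Mode (203,0,113,10,78,52)."
do
    pasv_check "$reply" 50000 50010 || true
done
```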

Step 4: Client test

An FTP client, the Windows command line tool, or a browser can be used to test the FTP server. This article uses a local host running Windows Server 2012 R2 64-bit as the FTP client to introduce the access steps of the FTP server.

  1. On the local host, open This PC.
  2. In the address bar, enter ftp://<public IP address of the FTP server>:<FTP port>. In this article, it is the public IP address of the Linux instance. For example: ftp://121.43.XX.XX:21

In the login dialog box that pops up, enter the FTP user name and password that have been set, and then click Login.
After logging in, you can view the files in the specified directory of the FTP server, for example, the test file testfile.txt.

vsftpd configuration file and parameter description

The description of the files in the /etc/vsftpd directory is as follows:

  • /etc/vsftpd/vsftpd.conf is the core configuration file of vsftpd.
  • /etc/vsftpd/ftpusers is a blacklist file. Users in this file are not allowed to access the FTP server.
  • /etc/vsftpd/user_list is a whitelist file. Users in this file are allowed to access the FTP server.

The configuration file vsftpd.conf parameter description is as follows:

  • The user login control parameters are described in the following table.

| Parameter | Description |
| --- | --- |
| anonymous_enable=YES | Accept anonymous users |
| no_anon_password=YES | Do not ask for a password when anonymous users log in |
| anon_root=(none) | Anonymous user home directory |
| local_enable=YES | Accept local users |
| local_root=(none) | Local user home directory |

  • The user authority control parameters are described in the following table.

| Parameter | Description |
| --- | --- |
| write_enable=YES | Can upload files (global control) |
| local_umask=022 | File permissions uploaded by local users |
| file_open_mode=0666 | The permission of uploaded files, used in conjunction with umask |
| anon_upload_enable=NO | Anonymous users can upload files |
| anon_mkdir_write_enable=NO | Anonymous users can create directories |
| anon_other_write_enable=NO | Anonymous user modification and deletion |
| chown_username=lightwiter | The username of the anonymous upload file |
