How to set up an FTP server on CentOS 7.3 (VSFTP)
Setting up an FTP server on CentOS 7.3 (VSFTP)
An FTP server is used to transfer files between computers or servers over a network. This article shows how to set up an FTP server on CentOS 7.3 and covers the configuration steps for both FTP and SFTP as well as the creation of users. Here, I have used the VSFTP package, which is secure and less vulnerable.
Prerequisites
- CentOS 7.3 (Operating system used here)
- root privileges.
Step 1 : Updating the repository and installing VSFTP package.
[root@webhostingchennai ~] # yum check-update
If updates are available, update the server and reboot it.
[root@webhostingchennai ~] # yum -y install vsftpd
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed
--> Finished Dependency Resolution
Running transaction
  Installing : vsftpd-3.0.2-22.el7.x86_64 1/1
  Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1
Installed:
  vsftpd.x86_64 0:3.0.2-22.el7
Complete!
Step 2 : Modifying the configuration files
After installation, you can find the “vsftpd.conf” file under /etc/vsftpd/; it is the main configuration file for VSFTP.
Take a backup copy before making changes.
[root@webhostingchennai ~] # cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf1
Now open the configuration file and make changes as below
[root@webhostingchennai ~] # nano /etc/vsftpd/vsftpd.conf
Find anonymous_enable=YES and change the value to NO to disable anonymous FTP access.
anonymous_enable=NO
Uncomment the below line to restrict users to their home directory.
chroot_local_user=YES
Now, add the following lines at the end of the file to enable passive mode and allow a writable chroot.
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=30000
pasv_max_port=35000
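A quick way to confirm that the edits from Step 2 are the ones vsftpd will actually apply. This is an added example, not part of the original article: the function names and the sample config are constructed, and the defaults passed to vsftpd_get are vsftpd's built-in values for those options.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings from Step 2.

# usage: vsftpd_get FILE KEY DEFAULT
# vsftpd applies settings in file order, so the last uncommented assignment
# wins; DEFAULT (vsftpd's built-in value) is printed when KEY is absent.
vsftpd_get() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {          # vsftpd allows no spaces around "="
            val = toupper(substr($0, length(key) + 2))
            sub(/[ \t\r]+$/, "", val)
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Print findings for FILE; the exit status is the number of FAIL lines.
vsftpd_audit() {
    conf=$1 fails=0
    if [ "$(vsftpd_get "$conf" anonymous_enable YES)" != NO ]; then
        echo "FAIL anonymous_enable is not NO (built-in default is YES)"; fails=$((fails + 1))
    fi
    if [ "$(vsftpd_get "$conf" chroot_local_user NO)" != YES ]; then
        echo "FAIL chroot_local_user is not YES"; fails=$((fails + 1))
    fi
    if [ "$(vsftpd_get "$conf" pasv_enable YES)" = YES ]; then
        min=$(vsftpd_get "$conf" pasv_min_port 0)
        max=$(vsftpd_get "$conf" pasv_max_port 0)
        if [ "$min" -le 0 ] || [ "$max" -lt "$min" ]; then
            echo "FAIL passive port range $min-$max is unbounded or inverted"; fails=$((fails + 1))
        fi
    fi
    if [ "$(vsftpd_get "$conf" allow_writeable_chroot NO)" = YES ]; then
        echo "WARN allow_writeable_chroot=YES: a user-writable chroot root is accepted"
    fi
    return "$fails"
}

# Constructed sample: a half-edited config, not taken from a real server.
sample_conf() {
    printf '%s\n' '#anonymous_enable=NO' 'anonymous_enable=YES' 'local_enable=YES' \
        '#chroot_local_user=YES' 'allow_writeable_chroot=YES' \
        'pasv_enable=Yes' 'pasv_min_port=30000'
}

tmp=$(mktemp) && sample_conf > "$tmp"
vsftpd_audit "$tmp" || echo "failures: $?"
rm -f "$tmp"
```

On the server itself, run vsftpd_audit /etc/vsftpd/vsftpd.conf before restarting the service in Step 3.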
Step 3 : Now restart vsftpd service and make it start automatically after reboot.
[root@webhostingchennai ~] # systemctl restart vsftpd.service
[root@webhostingchennai ~] # systemctl enable vsftpd.service
Step 4 : Enable the firewall and add the FTP service to it to allow the FTP ports.
[root@webhostingchennai ~] # systemctl enable firewalld.service
[root@webhostingchennai ~] # firewall-cmd --permanent --add-service=ftp
[root@webhostingchennai ~] # firewall-cmd --reload
Step 5 : Set up SELinux to allow FTP access to the users' home directories.
[root@webhostingchennai ~]# setsebool -P ftp_home_dir on
Step 6 : Now create a user for FTP access. Here the /sbin/nologin shell is used to prevent shell access to the server.
[root@webhostingchennai ~]# useradd -m webhostchennai -s /sbin/nologin
[root@webhostingchennai ~]# passwd webhostchennai
Changing password for user webhostchennai.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Now, the user webhostchennai is able to log in to FTP on port 21.
You can use any FTP client for transferring the files.
Installing SFTP
SFTP (Secure File Transfer Protocol) is used to encrypt connections between clients and the FTP server. It is highly recommended to use SFTP because data is transferred over an encrypted connection using an SSH tunnel on port 22 (default).
Step 1: Basically, we need the openssh-server package to enable SFTP. Install the openssh-server package if it is not already installed.
[root@webhostingchennai ~]# yum -y install openssh-server
Step 2: Creating a separate group for FTP access.
[root@webhostingchennai ~]# groupadd whcftpaccess
Step 3: Now open the “/etc/ssh/sshd_config” file, search for “Subsystem sftp”, comment out that line, and add the lines below as shown.
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match group whcftpaccess
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Step 4: Now, restart the SSHD service.
[root@webhostingchennai ~]# systemctl restart sshd
Step 5: Create the user webhostchennai2 with the /sbin/nologin shell and the whcftpaccess group (the group created in Step 2).
[root@webhostingchennai ~]# useradd -m webhostchennai2 -s /sbin/nologin -g whcftpaccess
[root@webhostingchennai ~]# passwd webhostchennai2
Changing password for user webhostchennai2.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Step 6: Now assign root ownership of the home directory, which is required for chroot access, and modify its permissions.
[root@webhostingchennai ~]# chown root /home/webhostchennai2
[root@webhostingchennai ~]# chmod 750 /home/webhostchennai2
Now, create a directory www inside the home directory for writing and set its ownership.
[root@webhostingchennai ~]# mkdir /home/webhostchennai2/www
[root@webhostingchennai ~]# chown -R webhostchennai2:whcftpaccess /home/webhostchennai2/www
Now, the user webhostchennai2 can use both the FTP and SFTP services and can upload files to the www directory.
If you are going to use FTP and SFTP together on the same server, follow the steps above when creating users. For existing users, add them to the whcftpaccess group and make the changes below.
[root@webhostingchennai ~]# usermod webhostchennai -g whcftpaccess
[root@webhostingchennai ~]# chown root /home/webhostchennai
[root@webhostingchennai ~]# chmod 750 /home/webhostchennai
[root@webhostingchennai ~]# mkdir /home/webhostchennai/www
[root@webhostingchennai ~]# chown webhostchennai:whcftpaccess /home/webhostchennai/www
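The chown and chmod in Step 6 matter because sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others. The check below is an added example, not part of the original article; the function name, its TOP and OWNER_UID parameters and the sandbox tree are assumptions made so it can be tried without touching a real server.

```sh
#!/bin/sh
# Added example: check a directory against sshd's ChrootDirectory rule that
# every path component is owned by root and not writable by group or others.

# usage: chroot_dir_check DIR [TOP] [OWNER_UID]
# TOP (default /) is where the upward walk stops and OWNER_UID (default 0) is
# the required owner; both exist only so the check can be tried in a sandbox.
# Exit status: 0 = usable, 1 = rejected, 2 = a path component is missing.
chroot_dir_check() {
    dir=$1 top=${2:-/} want=${3:-0} bad=0
    while :; do
        meta=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: owner uid, octal mode
        owner=${meta% *} mode=${meta#* }
        if [ "$owner" != "$want" ]; then
            echo "FAIL $dir: owner uid $owner, expected $want"; bad=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is group- or world-writable"; bad=1
        fi
        [ "$dir" = "$top" ] || [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$bad"
}

# Constructed sandbox mirroring Step 6: home at 750 with a writable www in it.
demo() {
    box=$(mktemp -d) && mkdir -p "$box/home/webhostchennai2/www"
    chmod 755 "$box" "$box/home"
    chmod 750 "$box/home/webhostchennai2"
    chmod 775 "$box/home/webhostchennai2/www"
    me=$(id -u)   # stands in for root inside the sandbox
    chroot_dir_check "$box/home/webhostchennai2" "$box" "$me" && echo "home: usable as chroot"
    chroot_dir_check "$box/home/webhostchennai2/www" "$box" "$me" || echo "www: rejected as chroot"
    rm -rf "$box"
}
demo
```

On the server, chroot_dir_check /home/webhostchennai2 with no further arguments walks up to / and expects root ownership throughout.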