How to set up an FTP server on CentOS 7.3 (VSFTP)


An FTP server is used to transfer files between computers or servers over a network. This article shows how to set up an FTP server on CentOS 7.3. It covers the configuration steps for both FTP and SFTP, as well as the creation of users. Here, I have used the VSFTP package (vsftpd), which is secure and less vulnerable.

Prerequisites

  • CentOS 7.3 (Operating system used here)
  • root privileges.

Step 1 : Updating the repository and installing VSFTP package.

[root@webhostingchennai ~] # yum check-update

If updates are available, update the server and reboot it.

[root@webhostingchennai ~] # yum -y install vsftpd

Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed
--> Finished Dependency Resolution

Running transaction
Installing : vsftpd-3.0.2-22.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1

Installed:
vsftpd.x86_64 0:3.0.2-22.el7

Complete!

 

Step 2 : Modifying the configuration files

After installation, you can find the “vsftpd.conf” file under /etc/vsftpd/. It is the main configuration file for VSFTP.

Take a backup copy before making changes.

[root@webhostingchennai ~] # cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf1

Now open the configuration file and make the changes below.

[root@webhostingchennai ~] # nano /etc/vsftpd/vsftpd.conf

Find anonymous_enable=YES and change the value to NO to disable anonymous FTP access.

anonymous_enable=NO

Uncomment the below line to restrict users to their home directory.

chroot_local_user=YES

Now, add the following lines at the end of the file to enable passive mode and allow a writable chroot.

allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=35000
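
The following check is an added example, not part of the original article: it reads a vsftpd.conf, takes the last uncommented assignment of each option (falling back to the defaults listed in vsftpd.conf(5)), and compares the result with the values set in Step 2. The function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit vsftpd.conf against the values from Step 2.
# Built-in defaults used as fallbacks are those documented in vsftpd.conf(5).

# effective KEY FILE DEFAULT -> last uncommented assignment, upper-cased
effective() {
  awk -v k="$1" -v v="$3" '
    /^[[:space:]]*#/ { next }                 # skip comment lines
    index($0, k "=") == 1 {                   # no spaces allowed around "="
      v = substr($0, length(k) + 2); sub(/[[:space:]]+$/, "", v)
    }
    END { print toupper(v) }' "$2"
}

# audit_vsftpd FILE -> prints findings, returns how many there were
audit_vsftpd() {
  f=$1; n=0
  # key:built-in default:value expected by this article
  for want in anonymous_enable:YES:NO chroot_local_user:NO:YES pasv_enable:YES:YES; do
    key=${want%%:*}; rest=${want#*:}; def=${rest%%:*}; exp=${rest#*:}
    got=$(effective "$key" "$f" "$def")
    [ "$got" = "$exp" ] || { echo "FAIL $key=$got (want $exp)"; n=$((n+1)); }
  done
  lo=$(effective pasv_min_port "$f" 0); hi=$(effective pasv_max_port "$f" 0)
  if [ "$lo" -eq 0 ] || [ "$hi" -eq 0 ] || [ "$lo" -gt "$hi" ]; then
    echo "FAIL passive range $lo-$hi is unbounded or inverted"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample: chroot line left commented out, and anonymous access
# switched back on by a second assignment lower down in the file.
sample_conf() {
  cat <<'EOF'
anonymous_enable=NO
#chroot_local_user=YES
pasv_enable=Yes
pasv_min_port=30000
pasv_max_port=35000
anonymous_enable=YES
EOF
}

# Audit the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then audit_vsftpd "$1"; fi
```

Run it with /etc/vsftpd/vsftpd.conf as the argument after editing the file; a non-zero exit status is the number of settings that differ from Step 2.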

Step 3 : Now restart vsftpd service and make it start automatically after reboot.

[root@webhostingchennai ~] # systemctl restart vsftpd.service
[root@webhostingchennai ~] # systemctl enable vsftpd.service

Step 4 : Enable the firewall and add the FTP service to it to allow the FTP ports.

[root@webhostingchennai ~] # systemctl enable firewalld.service
[root@webhostingchennai ~] # firewall-cmd --permanent --add-service=ftp
[root@webhostingchennai ~] # firewall-cmd --reload

Step 5 : Set up SELinux to allow FTP access to the users' home directories.

[root@webhostingchennai ~]# setsebool -P ftp_home_dir on

Step 6 : Now create a user for FTP access. Here the /sbin/nologin shell is used to prevent shell access to the server.

[root@webhostingchennai ~]# useradd -m webhostchennai -s /sbin/nologin
[root@webhostingchennai ~]# passwd webhostchennai

Changing password for user webhostchennai.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Now the user webhostchennai is able to log in over FTP on port 21.

You can use any FTP client for transferring the files.


 

Installing SFTP

SFTP (Secure File Transfer Protocol) is used to encrypt connections between clients and the FTP server. It is highly recommended to use SFTP because data is transferred over an encrypted connection using an SSH tunnel on port 22 (the default). To modify the SSH port, refer here.

Step 1: Basically we need the openssh-server package to enable SFTP. Install the openssh-server package if it's not already installed.

[root@webhostingchennai ~]# yum -y install openssh-server

Step 2: Creating a separate group for FTP access.

[root@webhostingchennai ~]# groupadd whcftpaccess

Step 3: Now open the “/etc/ssh/sshd_config” file and search for “Subsystem sftp”. Comment out this line and add the lines below as shown.

#Subsystem sftp /usr/libexec/openssh/sftp-server

Subsystem sftp internal-sftp
 Match group whcftpaccess
 ChrootDirectory %h
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp

Step 4: Now, restart the SSHD service.

[root@webhostingchennai ~]# systemctl restart sshd

Step 5: Create the user webhostchennai2 with the /sbin/nologin shell and the whcftpaccess group (the group created in step 2).

[root@webhostingchennai ~]# useradd -m webhostchennai2 -s /sbin/nologin -g whcftpaccess
[root@webhostingchennai ~]# passwd webhostchennai2

Changing password for user webhostchennai2.
 New password:
 Retype new password:
 passwd: all authentication tokens updated successfully.
 [root@webhostingchennai ~]#

Step 6: Now assign root ownership of the home directory for chroot access and modify its permissions.

[root@webhostingchennai ~]# chown root /home/webhostchennai2
[root@webhostingchennai ~]# chmod 750 /home/webhostchennai2

Now, create a directory www inside the home directory for writing and modify its ownership.

[root@webhostingchennai ~]# mkdir /home/webhostchennai2/www
[root@webhostingchennai ~]# chown -R webhostchennai2:whcftpaccess /home/webhostchennai2/www

Now the user webhostchennai2 can use both the FTP and SFTP services and can upload files to the www directory.
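
sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, which is what the chown and chmod in Step 6 arrange. The script below is an added example (not from the original article; the function names are illustrative) that walks from the directory up to / and reports the first component that breaks the rule.

```shell
#!/bin/bash
# Added example: pre-flight check for the ChrootDirectory rule in
# sshd_config(5): all path components must be root-owned directories
# that are not writable by any other user or group.

# component_ok UID MODE -> 0 when one path component satisfies the rule
component_ok() {
  [ "$1" -eq 0 ] || return 1                 # must be owned by uid 0
  [ $(( 0$2 & 022 )) -eq 0 ]                 # no g+w (020) or o+w (002) bit
}

# check_chroot DIR -> 0 ok, 1 a component fails (named on stdout), 2 no such dir
check_chroot() {
  p=$(cd "$1" 2>/dev/null && pwd -P) || return 2   # resolve symlinks
  while :; do
    set -- $(stat -c '%u %a' "$p")           # GNU stat: owner uid, octal mode
    if ! component_ok "$1" "$2"; then
      echo "FAIL $p (uid=$1 mode=$2)"
      return 1
    fi
    [ "$p" = / ] && return 0                 # reached the filesystem root
    p=$(dirname "$p")
  done
}

# Check every directory named on the command line.
for d in "$@"; do
  check_chroot "$d" && echo "OK $d"
done
```

Pass the chrooted home directory, for example /home/webhostchennai2, as the argument. Running `sshd -t` before the restart in Step 4 checks the edited sshd_config for syntax errors.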

If you are going to use FTP and SFTP together on the same server, follow the above steps when creating users. For existing users, add them to the whcftpaccess group and make the changes below.

[root@webhostingchennai ~]# usermod webhostchennai -g whcftpaccess
[root@webhostingchennai ~]# chown root /home/webhostchennai
[root@webhostingchennai ~]# chmod 750 /home/webhostchennai
[root@webhostingchennai ~]# mkdir /home/webhostchennai/www
[root@webhostingchennai ~]# chown webhostchennai:whcftpaccess /home/webhostchennai/www
