This tutorial focuses on how to set up a vsftpd server on your Linux-based VPS or dedicated server. vsftpd stands for “Very Secure FTP Daemon”. It is not just secure, as the name suggests, but also delivers excellent performance by consuming less memory. The tutorial also teaches you how to configure it by adding FTP users and locking the directory to individual users.

You can install vsftpd on Ubuntu / Debian, CentOS / Fedora and RHEL Linux.

Installing vsftpd on Ubuntu or Debian

    sudo apt-get install vsftpd

Installing vsftpd on CentOS / Fedora

    yum install vsftpd

How to configure vsftpd:

Now that you’ve installed vsftpd, follow this procedure to configure it. These steps apply to both Linux variants.

Before you get started, stop vsftpd by typing:

    service vsftpd stop

Edit the vsftpd.conf file.

In Ubuntu / Debian:

    vi /etc/vsftpd.conf

In Red Hat / CentOS:

    vi /etc/vsftpd/vsftpd.conf

Make the following changes:

We don’t want anonymous login:

    anonymous_enable=NO

Enable local users:

    local_enable=YES

The ftpuser should be able to write data:

    write_enable=YES

Port 20 needs to be turned off; this makes vsftpd run less privileged:

    connect_from_port_20=NO

Chroot everyone:

    chroot_local_user=YES

Set the umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions:

    local_umask=022

Now that the basic configuration is complete, let us begin with locking / securing a directory to a user:

    sudo useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser

Set up a password for the user:

    sudo passwd ftpuser

In order to enable the ftpuser to read and write the data in your home dir, change the permissions and take ownership:

    sudo chown -R ftpuser /var/www/path/to/your/dir
    sudo chmod 775 /var/www/path/to/your/dir

Create the userlist file and add the user:

Ubuntu / Debian:

    vi /etc/vsftpd.userlist

CentOS / Fedora:

    vi /etc/vsftpd/vsftpd.userlist

and add the user:

    ftpuser

Save the file and open the vsftpd.conf file again (on Red Hat / CentOS the file is /etc/vsftpd/vsftpd.conf):

    vi /etc/vsftpd.conf

Add the following lines at the end of the file and save it:

    # the list of users to give access
    userlist_file=/etc/vsftpd.userlist
    # this list is on
    userlist_enable=YES
    # It is not a list of users to deny ftp access
    userlist_deny=NO

On CentOS / Fedora, point userlist_file at /etc/vsftpd/vsftpd.userlist, the file created above.

After completing all these procedures it is almost ready to use. Give it a try, but you will get a 500 OOPS permission denied error. To fix it, you need to add nologin to the shell set.

    vi /etc/shells

The file should look like this:

    /bin/ksh
    /usr/bin/rc
    /usr/bin/tcsh
    /bin/tcsh
    /usr/bin/esh
    /bin/dash
    /bin/bash
    /bin/rbash

Add this line at the end:

    /usr/sbin/nologin

Now create a usergroup and add the ftpuser to it:

    sudo addgroup ftpusers
    sudo usermod -G ftpusers ftpuser

Now start vsftpd:

    service vsftpd start

That’s it. Now you have a secure installation of vsftpd on your server.
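
To confirm that a finished configuration really matches the steps above, the following added example (not part of the original tutorial) audits a vsftpd.conf, the userlist file and the shells file. The function names, argument order and sample files are assumptions made for illustration; the unset-option defaults are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings in this tutorial.
# Usage: audit_vsftpd CONF USERLIST SHELLS USER USER_SHELL
# Prints one "FAIL: ..." line per problem; returns 0 only if every check passes.

# Effective value of option $2 in file $1. Comment lines never match, the
# last assignment is taken (assumption), and $3 is used when unset.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

audit_vsftpd() {
    conf=$1 userlist=$2 shells=$3 user=$4 user_shell=$5 rc=0
    # option:wanted:default-when-unset (defaults as documented in vsftpd.conf(5))
    for spec in anonymous_enable:NO:YES local_enable:YES:NO \
                chroot_local_user:YES:NO userlist_enable:YES:NO \
                userlist_deny:NO:YES; do
        opt=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(conf_get "$conf" "$opt" "$def")
        [ "$got" = "$want" ] || { echo "FAIL: $opt=$got (want $want)"; rc=1; }
    done
    # userlist_deny=NO makes the list an allow-list: the user must be on it.
    grep -qxF "$user" "$userlist" 2>/dev/null ||
        { echo "FAIL: $user not listed in $userlist"; rc=1; }
    # The tutorial's /etc/shells step: the login shell must be registered.
    grep -qxF "$user_shell" "$shells" 2>/dev/null ||
        { echo "FAIL: $user_shell missing from $shells"; rc=1; }
    return $rc
}

# Constructed sample files: the tutorial's config with userlist_enable left
# out, so the allow-list would be silently ignored.
demo() {
    d=$(mktemp -d)
    printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
        userlist_file=/etc/vsftpd.userlist userlist_deny=NO > "$d/vsftpd.conf"
    echo ftpuser > "$d/userlist"
    printf '%s\n' /bin/bash /usr/sbin/nologin > "$d/shells"
    audit_vsftpd "$d/vsftpd.conf" "$d/userlist" "$d/shells" ftpuser /usr/sbin/nologin
    status=$?; rm -rf "$d"; return $status
}
demo || echo "audit found problems (expected for the sample)"
```

On a real server, pass the paths used in this tutorial, for example `audit_vsftpd /etc/vsftpd.conf /etc/vsftpd.userlist /etc/shells ftpuser /usr/sbin/nologin`. The script compares against the literal YES / NO spellings used above.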