Installing and Configuring VSFTPD in CentOS
First, check whether an FTP server is already installed on the server.
You can check it with
# rpm -qa | grep -i ftp
If it is already installed, you can skip to the configuration of vsftpd.
If it is not installed, you can install it through yum
#yum install vsftpd
After it is installed, it should be started.
#service vsftpd start
Once vsftpd is running, enable it in the most common run levels so that it starts at boot:
#chkconfig vsftpd on
You can verify that it is enabled with
# chkconfig --list
Or
# chkconfig --list vsftpd
Now the most important part is to edit the configuration file.
Open /etc/vsftpd/vsftpd.conf in your favorite editor and change the following.
1. Disable anonymous FTP
Change anonymous_enable=YES to anonymous_enable=NO, so that it reads:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
2. Restricting the user to the specified home directory
Make the following changes:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=NO
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
3. Also lock vsftpd's passive-mode data connections to a predictable port range. Add the following to the configuration file
pasv_min_port=4000
pasv_max_port=4050
4. Finally add the following to make sure the users are restricted and jailed to their home directory
chroot_local_user=YES
Create the chroot_list file by
# touch /etc/vsftpd/chroot_list
Open the firewall range
iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 4000:4050 -j ACCEPT
Normally iptables is installed automatically in CentOS; otherwise you can install it with
# yum install iptables
Then restart vsftpd with
# service vsftpd restart
Now that vsftpd has been installed, let's create the FTP user.
First, let's add an FTP user
# useradd joe
# passwd joe
Then let's disable SSH access for the FTP user
usermod -s /sbin/nologin joe
If you want to change the user's home directory to a different one, you can do so with
usermod -d /www/var joe
After this is done, you have to add the username to the chroot_list file, one user per line. Users added to this file are locked to their own home directory and cannot change out of it. So now let's add joe to /etc/vsftpd/chroot_list
Also, don't forget to change the ownership of that folder to joe; otherwise you will not be able to upload anything to the directory
chown -R joe /www/var
Now the FTP server is installed and configured properly, with access restricted to the home directory only.
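
The settings above can be checked without changing anything. The following is an added example, not part of the original guide: a read-only shell audit that reports whether anonymous FTP is off, whether a given user is actually chrooted under the chroot_local_user / chroot_list_enable semantics quoted in the comments of step 2, and whether the passive range fits the 4000:4050 firewall rule. The function names are made up for this example, and it assumes values are written as YES/NO exactly as in this guide.

```shell
#!/bin/sh
# Added example: read-only audit of the vsftpd settings used in this guide.
# Function names are hypothetical; values are assumed to be spelled YES/NO.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    echo "${val:-$3}"
}

# chroot_status FILE USER: prints "jailed" or "not-jailed".
chroot_status() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    # Fallback path is the one used in this guide.
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd/chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF "$2" "$list"; then
        listed=yes
    fi
    # With chroot_local_user=YES the list names users who are NOT chrooted;
    # with chroot_list_enable=NO the list file is not consulted at all.
    if [ "$all" = YES ]; then
        [ "$listed" = yes ] && echo not-jailed || echo jailed
    else
        [ "$listed" = yes ] && echo jailed || echo not-jailed
    fi
}

# pasv_in_range FILE LOW HIGH: succeeds only if the passive range is set
# and lies inside LOW:HIGH (an unset range means any port may be used).
pasv_in_range() {
    min=$(conf_get "$1" pasv_min_port 0)
    max=$(conf_get "$1" pasv_max_port 0)
    [ "$min" -ge "$2" ] && [ "$max" -le "$3" ] && [ "$min" -le "$max" ]
}

# audit FILE USER: prints one FAIL line per problem, returns 1 if any.
audit() {
    rc=0
    [ "$(conf_get "$1" anonymous_enable YES)" = NO ] || { echo "FAIL anonymous FTP enabled"; rc=1; }
    [ "$(chroot_status "$1" "$2")" = jailed ] || { echo "FAIL $2 is not chrooted"; rc=1; }
    pasv_in_range "$1" 4000 4050 || { echo "FAIL passive ports outside 4000:4050"; rc=1; }
    return $rc
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf joe
if [ $# -ge 2 ]; then audit "$1" "$2"; fi
```

With the configuration from this guide the audit passes for joe whether or not he is in the list file; if chroot_list_enable is later switched to YES while chroot_local_user=YES, every user in the list is reported as not chrooted.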