
FTP Server using vsftpd

Posted by peter on October 25, 2011

Installation

Install vsftpd with the command:

 yum install vsftpd

 

Edit vsftpd.conf

 

vi /etc/vsftpd/vsftpd.conf

 

and make sure the following is found right at the bottom of the file:

 

pasv_address=196.213.86.107

pasv_enable=yes

pasv_min_port=11000

pasv_max_port=11101

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

 

Turn on FTP at boot and start the service as follows:

chkconfig vsftpd on

service vsftpd start

 

Add users as you would in Linux

useradd -m <username>

passwd <username>

Users can now connect to the FTP site.

Firewall settings

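Add port 21 and ports 11000 to 11010, depending on how your firewall is configured (see the example below). The passive port range opened on the firewall must cover the pasv_min_port to pasv_max_port range set in vsftpd.conf.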

iptables -A FORWARD -i $INT -o $DMZ -p tcp --dport 21 -j ACCEPT

iptables -A FORWARD -i $INT -o $DMZ -p tcp --dport 11000:11010 -j ACCEPT

NB: Normal users can change to the /etc directory (and possibly to all other directories), and if a sensitive file is readable by them, they can download it via FTP.

If you do not wish FTP users to be able to access any files outside of their own home directory, set up a chroot jail.

Open the vsftpd configuration file, /etc/vsftpd/vsftpd.conf, with the command:

# vi /etc/vsftpd/vsftpd.conf

Make sure the following line exists (and is un-commented):

chroot_local_user=YES

Save and close the file. Restart vsftpd:

# /etc/init.d/vsftpd restart

Now all vsftpd users will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directory. This is an essential security feature.
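
A quick check for the two settings this page depends on, added here as an example and not part of the original post: it reads a vsftpd.conf and reports when chroot_local_user is not YES or when the pasv_min_port to pasv_max_port range is wider than the firewall range passed in. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vsftpd.conf for the
# chroot setting and for a passive port range the firewall does not cover.

# conf_get FILE KEY: print the last uncommented value of KEY.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1" | tr -d ' \r'
}

# audit_vsftpd FILE FW_MIN FW_MAX: print one line per finding;
# return 0 when clean, 1 when anything was found.
# FW_MIN/FW_MAX are the --dport range opened on the firewall (caller-supplied).
audit_vsftpd() {
    conf=$1; fw_min=$2; fw_max=$3; rc=0
    chroot=$(conf_get "$conf" chroot_local_user | tr '[:lower:]' '[:upper:]')
    pmin=$(conf_get "$conf" pasv_min_port)
    pmax=$(conf_get "$conf" pasv_max_port)

    if [ "$chroot" != "YES" ]; then
        echo "FAIL chroot_local_user is not YES: users can leave their home directory"
        rc=1
    fi
    if [ -z "$pmin" ] || [ -z "$pmax" ]; then
        echo "FAIL pasv_min_port/pasv_max_port not set: firewall range cannot be pinned"
        rc=1
    elif [ "$pmin" -lt "$fw_min" ] || [ "$pmax" -gt "$fw_max" ]; then
        echo "FAIL passive range $pmin-$pmax exceeds firewall range $fw_min-$fw_max"
        rc=1
    fi
    return $rc
}

# Demo on a constructed file that uses this page's values (temporary path).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
pasv_enable=yes
pasv_min_port=11000
pasv_max_port=11101
#chroot_local_user=YES
EOF
audit_vsftpd "$demo_conf" 11000 11010 || echo "-> fix the findings above"
rm -f "$demo_conf"
```

Run against the real file as `audit_vsftpd /etc/vsftpd/vsftpd.conf 11000 11010`, passing the same range used in the iptables rule.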
