FTP on CentOS 6.x with vsftpd and ftp

In this tutorial I explain how to install and configure an FTP server on CentOS 6.x using vsftpd (the server) and ftp (the command-line client).

To install both packages:

yum install vsftpd ftp


For SELinux, allow FTP access to users' home directories with

setsebool -P ftp_home_dir=1


After installing, edit the configuration file with

vim /etc/vsftpd/vsftpd.conf


For a basic secured FTP setup, these are the necessary steps.

Disable anonymous login by setting

anonymous_enable=NO


Commenting out the existing line (#anonymous_enable=YES) is not enough on its own, because vsftpd's built-in default for this option is YES.

If you want to restrict users to their home directory, uncomment

chroot_local_user=YES


Most of the time the FTP user's home directory serves as their FTP directory, but you can give a user a custom directory location if you want.

syntax:
useradd -d /path/path <username>


ex:
useradd -d /ftp/raja raja
passwd raja



Now the user raja can log in to FTP, and his home is the custom directory /ftp/raja.

If you want the vsftpd service to start automatically after the next reboot, add it to the startup list with

chkconfig --levels 235 vsftpd on


Here 2, 3 and 5 are the runlevels.

To start the FTP service, i.e. vsftpd:

service vsftpd start


In the same way, restart, stop and status are as follows:

service vsftpd restart
service vsftpd stop
service vsftpd status




Sometimes you may want the FTP log to use the server's local time. To do that, add this line at the end of the configuration file mentioned above:

use_localtime=YES


For security reasons, many administrators do not run the service on the default FTP port 21. You can change it.
Open the vsftpd configuration file and add a line such as

listen_port=2121
(or any other port you want)

Then save and close it.

After that, restart the vsftpd service. You still won't be able to connect, though: because you changed the default port, you also have to open the same port in iptables.

Open the iptables rules file with

vim /etc/sysconfig/iptables


and add a line like

-A INPUT -p tcp -m state --state NEW -m tcp --dport 2121 -j ACCEPT


Then restart iptables with

service iptables restart


It will now accept remote FTP connections on that port.
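
A quick way to check the result of the edits above, as an added example that is not part of the original post: this script reads a vsftpd.conf and reports the effective values of anonymous_enable, chroot_local_user and listen_port, falling back to vsftpd's built-in defaults when a line is missing or commented out. The function names and the sample file are made up for the illustration; it assumes the last uncommented occurrence of an option wins and recognises only the YES/NO spellings used in this post.

```shell
#!/bin/sh
# Added example: effective vsftpd.conf settings for the options in this post.
# Built-in defaults (vsftpd.conf man page): anonymous_enable=YES,
# chroot_local_user=NO, listen_port=21.

# effective_value FILE OPTION DEFAULT
# Prints the last uncommented OPTION=value in FILE (upper-cased), else DEFAULT.
# Assumption of this example: a later occurrence overrides an earlier one.
effective_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd FILE
# Prints one line per finding and returns the number of findings.
audit_vsftpd() {
    conf=$1
    findings=0
    if [ "$(effective_value "$conf" anonymous_enable YES)" != "NO" ]; then
        echo "anonymous_enable is not NO: anonymous login is allowed"
        findings=$((findings + 1))
    fi
    if [ "$(effective_value "$conf" chroot_local_user NO)" != "YES" ]; then
        echo "chroot_local_user is not YES: users can leave their home directory"
        findings=$((findings + 1))
    fi
    echo "listen_port is $(effective_value "$conf" listen_port 21): iptables must accept this port"
    return "$findings"
}

# Constructed sample: anonymous_enable commented out instead of set to NO.
sample=$(mktemp)
printf '%s\n' '#anonymous_enable=YES' 'chroot_local_user=YES' \
    'listen_port=2121' > "$sample"
audit_vsftpd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

To check the real file, call audit_vsftpd /etc/vsftpd/vsftpd.conf.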


Here you have to add a boolean to SELinux so that it allows this. I have switched SELinux from enforcing to permissive with

setenforce 0


then check with

getenforce


Now I am going to show how to share a single FTP directory between multiple users.

This is pretty simple; I am using ACLs here. Many people do it in their own way, and this is mine.

Add the user first with

useradd -d /ftp/raja raja2


then

setfacl -m u:raja2:rwx /ftp/raja


So the users raja and raja2 are given the same directory for sharing.

How to log in?

If you are using the default FTP port, i.e. 21, assume your FTP server's IP is 192.168.1.1,

then in a terminal run

ftp 192.168.1.1


Then give the username and password.

Make sure you have done the SELinux step before this to have proper connectivity.

If you have changed the default port, connecting is slightly different. Assuming your new port is 4545, you can connect with

ftp 192.168.1.1 4545


Let me take some time to arrange this post in a proper format.
But I am sure it is clear enough to read; let me know if I am missing anything and I will add it.




