Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
vsftpd Server Configuration
This section provides a tutorial example on how to configure vsftpd server to allow some local users to upload and download files in their own private Directories with FTP client programs.
After installing vsftpd, the next step is to review and update its configuration. What I want is allow some local users to upload and download files in their own private directories with FTP client programs.
1. Locate vsftpd configuration files and create a backup.
herong$ cd /etc/vsftpd herong$ ls -l total 20 -rw------- 1 root root 125 May 14 2019 ftpusers -rw------- 1 root root 361 May 14 2019 user_list -rw------- 1 root root 5098 May 14 2019 vsftpd.conf -rwxr--r-- 1 root root 348 May 14 2019 vsftpd_conf_migrate.sh herong$ sudo cp vsftpd.conf vsftpd.conf.bck
2. Open vsftpd.conf to update or add settings as shown below:
herong$ sudo vi vsftpd.conf # Uncomment this to allow local users to log in. # When SELinux is enforcing check for SE bool ftp_home_dir local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 ... # Activate logging of uploads/downloads. xferlog_enable=YES # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/xferlog # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=NO # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # (Warning! chroot'ing can be very dangerous. If using chroot, make sure # that the user does not have write access to the top level directory # within the chroot) chroot_local_user=YES ... # Allow users in listed in vsftpd.user_list to access the server userlist_enable=YES userlist_file=/etc/vsftpd/user_list userlist_deny=NO # When users are connected to the server, redirect to their "ftp" directory user_sub_token=$USER local_root=/home/$USER/ftp # Specify the range of ports for the passive connections pasv_min_port=30000 pasv_max_port=31000
3. Restart vsftpd server:
herong$ sudo systemctl restart vsftpd
vsftpd server is ready. See next tutorial on how to set up user's ftp directory and permission.
Table of Contents
Cockpit - Web Portal for Administrator
SELinux - Security-Enhanced Linux
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
►vsftpd - Very Secure FTP Daemon
Setup FTP Sub-Directory for Local Users
Test FTP Access Locally on CentOS
Test FTP Access Remotely on CentOS
Support FTP Over TLS on CentOS
Disable SSH Access for FTP Users