vsftpd Server Configuration

This section provides a tutorial example on how to configure vsftpd server to allow some local users to upload and download files in their own private Directories with FTP client programs.

After installing vsftpd, the next step is to review and update its configuration. What I want is allow some local users to upload and download files in their own private directories with FTP client programs.

1. Locate vsftpd configuration files and create a backup.

herong$ cd /etc/vsftpd

herong$ ls -l
total 20
-rw------- 1 root root  125 May 14  2019 ftpusers
-rw------- 1 root root  361 May 14  2019 user_list
-rw------- 1 root root 5098 May 14  2019 vsftpd.conf
-rwxr--r-- 1 root root  348 May 14  2019 vsftpd_conf_migrate.sh

herong$ sudo cp vsftpd.conf vsftpd.conf.bck

2. Open vsftpd.conf to update or add settings as shown below:

herong$ sudo vi vsftpd.conf

# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES

#
# Uncomment this to enable any form of FTP write command.
write_enable=YES

#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022

...

# Activate logging of uploads/downloads.
xferlog_enable=YES

# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog

# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=NO

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure
# that the user does not have write access to the top level directory
# within the chroot)
chroot_local_user=YES

...

# Allow users in listed in vsftpd.user_list to access the server
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

# When users are connected to the server, redirect to their "ftp" directory
user_sub_token=$USER
local_root=/home/$USER/ftp

# Specify the range of ports for the passive connections
pasv_min_port=30000
pasv_max_port=31000

3. Restart vsftpd server:

herong$ sudo systemctl restart vsftpd

vsftpd server is ready. See next tutorial on how to set up user's ftp directory and permission.

Table of Contents

 About This Book

 Introduction to Linux Systems

 Cockpit - Web Portal for Administrator

 Process Management

 Memory Management

 Files and Directories

 Users and Groups

 File Systems

 Block Devices and Partitions

 LVM (Logical Volume Manager)

 Installing CentOS

 SELinux - Security-Enhanced Linux

 Network Connection on CentOS

 Internet Networking Tools

 SSH Protocol and ssh/scp Commands

 Software Package Manager on CentOS - DNF and YUM

vsftpd - Very Secure FTP Daemon

 Install vsftpd on CentOS

vsftpd Server Configuration

 Setup FTP Sub-Directory for Local Users

 Test FTP Access Locally on CentOS

 Test FTP Access Remotely on CentOS

 Support FTP Over TLS on CentOS

 Disable SSH Access for FTP Users

 LDAP (Lightweight Directory Access Protocol)

 Administrative Tasks

 References

 Full Version in PDF/EPUB