Install & Configure Vsftpd Server on CentOS/RHEL 6.x
Q. What is VSFTPD?
-- vsftpd (very secure FTP daemon) is an FTP server that runs on Linux/UNIX operating systems. It is licensed under the GNU General Public License and supports IPv6 and SSL. VSFTP is a secure, stable, and fast FTP server.
Step: 1. Install VSFTP Server :
# yum install -y vsftpd
Step: 2. Configure FTP Server :
# vi /etc/vsftpd/vsftpd.conf
Find these Lines :
-- At line 12:
anonymous_enable=NO
-- At lines 96 & 97 Uncomment the following :
chroot_local_user=YES
chroot_list_enable=YES
-- At line 98 Uncomment the following :
chroot_list_file=/etc/vsftpd/chroot_list
-- Just delete the # sign
userlist_enable=YES
-- Save & Exit (:wq)
Step: 3. Make the Directory Accessible to the ftp-users Group :
# useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser1
# passwd ftpuser1
# chown -Rf ftpuser1 /var/www/path/to/your/dir
# chmod 775 /var/www/path/to/your/dir
Step: 4. Create a File Under /etc/vsftpd :
# vi /etc/vsftpd/chroot_list
-- This file jails users, i.e. limits them to their home directory only. Add the names of the users to be limited to 'chroot_list', one per line:
ftpuser1
ftpuser2
-- Save & Quit (:wq)
Step: 5. Add nologin to the List of Shells :
# vi /etc/shells
-- The file should look like this:
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
-- Add this line at the End:
/usr/sbin/nologin
-- Save & Exit (:wq)
Step: 6. Now Create a usergroup & Add the ftpuser1 to it :
# groupadd ftp-users
# usermod -aG ftp-users ftpuser1
Step: 7. Restart the FTP Service :
# service vsftpd restart
# chkconfig vsftpd on
# netstat -tulpn | grep :21
# service vsftpd status
Step: 8. Configure Firewall & Set SELinux for FTP :
# iptables -I INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# iptables -I INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# iptables -I INPUT -p tcp -m tcp --dport 12000:12100 -j ACCEPT
-- FTP control and data connections use TCP only, so no UDP rule is needed for the passive port range.
# setsebool -P ftpd_disable_trans=1
Step: 9. View FTP Log File :
# tail -n 100 -f /var/log/vsftpd.log
Step: 10. VSFTP Passive Port Configuration :
# vi /etc/vsftpd/vsftpd.conf
-- Add these Lines at the End:
# PASV Configurations :
pasv_promiscuous=YES
pasv_enable=YES
pasv_min_port=12000
pasv_max_port=12100
#pasv_address=X.X.X.X
# Other Parameter :
max_login_fails=5
max_per_ip=5
max_clients=10
require_ssl_reuse=NO
listen_port=21
use_localtime=YES
connect_from_port_20=NO
-- Save & Quit (:wq)
# service vsftpd restart
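-- Added example (not part of the original post): a small shell audit of the settings written to vsftpd.conf in Steps 2 and 10. Per vsftpd.conf(5), chroot_local_user=YES turns the chroot_list into a list of users who are NOT jailed, and pasv_promiscuous=YES disables the check that a passive data connection comes from the same IP address as the control connection. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audits the chroot and PASV settings this page writes to vsftpd.conf.
# Assumes options are spelled KEY=YES / KEY=NO as on this page.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT.
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { val = substr($0, length(k) + 2); hit = 1 }
                           END { if (hit) print val }' "$1")
    printf '%s\n' "${v:-$3}"
}

# is_jailed FILE USER: prints "jailed" or "not-jailed" for a local user.
# Per vsftpd.conf(5): with chroot_local_user=YES the list holds the users that
# are NOT chrooted; with chroot_local_user=NO it holds the users that are.
is_jailed() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    [ "$all" = YES ] || all=NO
    listed=NO
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=YES
    fi
    # Being listed flips the default, so the user is jailed when the two differ.
    if [ "$all" = "$listed" ]; then echo not-jailed; else echo jailed; fi
}

# pasv_check FILE: reports whether pasv_promiscuous=YES has switched off the check
# that a PASV data connection comes from the same IP as the control connection.
pasv_check() {
    if [ "$(conf_get "$1" pasv_promiscuous NO)" = YES ]; then
        echo pasv-ip-check-disabled
    else
        echo pasv-ip-check-enabled
    fi
}

# Constructed sample: the page's settings, with the list file in a temp directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' ftpuser1 ftpuser2 > "$d/chroot_list"
    printf '%s\n' chroot_local_user=YES chroot_list_enable=YES \
        "chroot_list_file=$d/chroot_list" pasv_promiscuous=YES > "$d/vsftpd.conf"
    for u in ftpuser1 ftpuser3; do echo "$u: $(is_jailed "$d/vsftpd.conf" "$u")"; done
    echo "pasv: $(pasv_check "$d/vsftpd.conf")"
    rm -rf "$d"
}
demo
```

-- On a real server, call is_jailed and pasv_check with /etc/vsftpd/vsftpd.conf to see which of the two chroot modes is in effect for each account.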
Step: 11. Check Connectivity through Web Browser:
ftp://192.168.72.142
Enter User name & Password.
-- Or You Can use Filezilla or Any other FTP Client.