What is FTP?
FTP (File Transfer Protocol) is a client-server network protocol that allows users to exchange files to and from remote computers.
FTP sends both login credentials and file data in plain text. There are several different open-source FTP servers available for the Linux operating system platform. The most commonly used FTP servers are VSFTPD, ProFTPD and PureFTPD. The FTP protocol uses port 21 for the control connection and port 20 for data transfer. In passive mode, additional ports are used.
In this tutorial, we will learn how to set up and configure VSFTPD. It is very secure and stable and available in the CentOS 8 package repository.
Install VSFTP FTP-Server
To install the VSFTPD package on CentOS 8, open up a terminal or connect to your server by SSH as root user and type in the following command:
# dnf install -y vsftpd
Once the package is installed, start and enable the VSFTPD service by using the following command:
# systemctl enable vsftpd
# systemctl start vsftpd
Make a copy of the original configuration file /etc/vsftpd/vsftpd.conf by typing the following command:
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bk
Now edit the configuration file, by using the following command:
# vim /etc/vsftpd/vsftpd.conf
Find and set the following directives. Keep each comment on its own line: vsftpd only treats a line as a comment when it starts with #, and it does not allow spaces around the = sign.
# disable anonymous users (unknown users)
anonymous_enable=NO
# allow local users
local_enable=YES
# allow ftp write commands
write_enable=YES
# set default umask
local_umask=022
# enable messages on change directory
dirmessage_enable=YES
# enable logging of uploads and downloads
xferlog_enable=YES
# ensure PORT transfer connections from port 20
connect_from_port_20=YES
# keep standard log format
xferlog_std_format=YES
# do not run in stand-alone mode on an IPv4 socket
listen=NO
# allow vsftpd to listen on IPv6 socket
listen_ipv6=YES
# set PAM service name to vsftpd
pam_service_name=vsftpd
Configure user list in FTP Server
By default, all the users that are in the user_list file located at /etc/vsftpd/user_list are allowed to use FTP services.
To restrict users in a chrooted environment, use the following directives:
# create chrooted environment for users
chroot_local_user=YES
# allow write permission to a user on chroot jail directory
allow_writeable_chroot=YES
To keep users restricted to their home directory, use the following directives:
# enable vsftpd to load usernames
userlist_enable=YES
# allow access to users in the user list
userlist_deny=NO
If you want to give some users overall access to the system, add these directives to your configuration file:
chroot_list_enable=YES
# users in this file list have an overall access
chroot_list_file=/etc/vsftpd/chroot_list
Save and close the configuration file.
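Before restarting the service, the edited file can be checked for the syntax vsftpd rejects and for the access-control settings used above. The following script is an added example, not part of the original tutorial; the function names and the sample configuration are constructed for illustration, and it assumes a later assignment of a directive overrides an earlier one.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial: lint a vsftpd.conf before restarting the service.

# Print the value of KEY in FILE (assumption: a later assignment overrides an earlier one).
get_opt() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

vsftpd_lint() {
    local conf=$1 n=0 line
    # Syntax: a directive must be exactly option=value; comments need their own line.
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in '' | '#'*) continue ;; esac
        case ${line%%=*} in *[[:space:]]*) echo "SYNTAX line $n: whitespace before '='" ;; esac
        case ${line#*=} in
            [[:space:]]*) echo "SYNTAX line $n: whitespace after '='" ;;
            *[[:space:]]'#'*) echo "SYNTAX line $n: inline comment is read as part of the value" ;;
        esac
    done < "$conf"
    # Access control: the settings this tutorial relies on.
    [ "$(get_opt "$conf" anonymous_enable)" = NO ] ||
        echo "WARN anonymous_enable is not NO"
    if [ "$(get_opt "$conf" userlist_enable)" = YES ] &&
       [ "$(get_opt "$conf" userlist_deny)" != NO ]; then
        echo "WARN userlist_deny is not NO: user_list is treated as a deny list"
    fi
    if [ "$(get_opt "$conf" chroot_local_user)" = YES ]; then
        [ "$(get_opt "$conf" chroot_list_enable)" != YES ] ||
            echo "WARN chroot_list_enable=YES: users in chroot_list_file are not jailed"
        [ "$(get_opt "$conf" allow_writeable_chroot)" != YES ] ||
            echo "WARN allow_writeable_chroot=YES: the jail root is writable by the user"
    else
        echo "WARN chroot_local_user is not YES: local users are not jailed by default"
    fi
    return 0
}

# Constructed sample input: tutorial directives, one still carrying a trailing comment.
sample_conf() {
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' \
        'write_enable=YES # allow ftp write commands' 'chroot_local_user=YES' \
        'allow_writeable_chroot=YES' 'userlist_enable=YES' 'userlist_deny=NO' \
        'chroot_list_enable=YES' 'chroot_list_file=/etc/vsftpd/chroot_list'
}

tmp=$(mktemp) && sample_conf > "$tmp" && vsftpd_lint "$tmp"; rm -f "$tmp"
```

To check the real file, call vsftpd_lint /etc/vsftpd/vsftpd.conf; SYNTAX lines point at directives vsftpd will not parse, and WARN lines list settings worth a second look.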
Now, create a chroot_list under /etc/vsftpd/ directory, by using the following command:
# touch /etc/vsftpd/chroot_list
Add only those users in that list to whom you want to provide overall access on the system.
Create a user to access FTP Services
To create a user for using FTP service, use the following command:
# useradd user1
# passwd user1
To restrict that user to their home directory, add the user to the user_list file using the following command:
# vim /etc/vsftpd/user_list
Type “i” for insert and type that user name, as shown in the figure:
Press ESC and type :wq! to save the file.
If you want to give a specific user overall access to the system, add that user to /etc/vsftpd/chroot_list.
Restart the VSFTPD Service:
# systemctl restart vsftpd
Verify the status of FTP Service using the following command:
# systemctl status vsftpd
Configure Firewall for FTP
To allow FTP service through the firewall, use the following command:
# firewall-cmd --add-service=ftp --permanent
# firewall-cmd --reload
Testing FTP Server from Windows Machine
To connect to the FTP server, you need client software. The most commonly used FTP clients are FileZilla, WinSCP, etc. I am using FileZilla for the connection.
Open your FTP client software and enter the following details to connect:
Host: IP address or hostname.
Username: FTP username (In my case it is user1)
Password
Port: 21
After connecting successfully, you can upload and download files as needed.
Conclusion
In this tutorial we learned how to set up an FTP server on CentOS 8, how to restrict users to their home directory and how to grant them read/write access. We also saw how to give a specific user general access to the system.