fernandoaleman/how-to-install-vsftpd-on-centos.txt

## how-to-install-vsftpd-on-centos.txt
Installing vsftpd on CentOS

yum install vsftpd

How to configure vsftpd:

Now that you’ve installed vsftpd, follow this procedure to configure it. These steps applies for both the linux variants.

Before you get started, stop the vsftpd by typing:

service vsftpd stop

Edit the vsftp.conf

vi /etc/vsftpd/vsftpd.conf

Make the following changes:

We don’t want anonymous login:

anonymous_enable=NO

Enable local users:

local_enable=YES

The ftpuser should be able to write data:

write_enable=YES

Port 20 need to turned off, makes vsftpd run less privileged:

connect_from_port_20=NO

Chroot everyone:

chroot_local_user=YES

set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.

local_umask=022

Now that basic configuration is complete, now let us begin with locking / securing a directory to user.

sudo useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser

Setup a password for the user:

sudo passwd ftpuser

In order to enable the ftpuser read and write the data in your home dir, change the permission and take ownership:

sudo chown -R ftpuser /var/www/path/to/your/dir
sudo chmod 775 /var/www/path/to/your/dir

Create userlist file and add the user:

Ubuntu / Debian:
vi /etc/vsftpd.userlist

CentOS / Fedora

vi /etc/vsftpd/vsftpd.userlist

and add the user:

ftpuser

save the file and open the vsftp.conf file again:

vi /etc/vsftpd.conf

Add the following lines at the end of the file and save it:

# the list of users to give access
userlist_file=/etc/vsftpd.userlist

# this list is on
userlist_enable=YES

# It is not a list of users to deny ftp access
userlist_deny=NO

After completing all these procedures it is almost ready to use it, give it a try but you will get a 500 OOPS permission denied error. To fix it you need to add a nologin to the shell set.

vi /etc/shells

The file should look like this:

/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash

Add this line at the end:

/usr/sbin/nologin

Now create a usergroup and add the ftpuser to it:

sudo addgroup ftpusers
sudo usermod -Gftpusers ftpuser

Now start the vsftpd:

service vsftpd start

That’s it. Now you have a secure installation of vsftpd on your server.
	Installing vsftpd on CentOS

	yum install vsftpd

	How to configure vsftpd:

	Now that you’ve installed vsftpd, follow this procedure to configure it. These steps applies for both the linux variants.

	Before you get started, stop the vsftpd by typing:

	service vsftpd stop

	Edit the vsftp.conf

	vi /etc/vsftpd/vsftpd.conf

	Make the following changes:

	We don’t want anonymous login:

	anonymous_enable=NO

	Enable local users:

	local_enable=YES

	The ftpuser should be able to write data:

	write_enable=YES

	Port 20 need to turned off, makes vsftpd run less privileged:

	connect_from_port_20=NO

	Chroot everyone:

	chroot_local_user=YES

	set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.

	local_umask=022

	Now that basic configuration is complete, now let us begin with locking / securing a directory to user.

	sudo useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser

	Setup a password for the user:

	sudo passwd ftpuser

	In order to enable the ftpuser read and write the data in your home dir, change the permission and take ownership:

	sudo chown -R ftpuser /var/www/path/to/your/dir
	sudo chmod 775 /var/www/path/to/your/dir

	Create userlist file and add the user:

	Ubuntu / Debian:
	vi /etc/vsftpd.userlist

	CentOS / Fedora

	vi /etc/vsftpd/vsftpd.userlist

	and add the user:

	ftpuser

	save the file and open the vsftp.conf file again:

	vi /etc/vsftpd.conf

	Add the following lines at the end of the file and save it:

	# the list of users to give access
	userlist_file=/etc/vsftpd.userlist

	# this list is on
	userlist_enable=YES

	# It is not a list of users to deny ftp access
	userlist_deny=NO

	After completing all these procedures it is almost ready to use it, give it a try but you will get a 500 OOPS permission denied error. To fix it you need to add a nologin to the shell set.

	vi /etc/shells

	The file should look like this:

	/bin/ksh
	/usr/bin/rc
	/usr/bin/tcsh
	/bin/tcsh
	/usr/bin/esh
	/bin/dash
	/bin/bash
	/bin/rbash

	Add this line at the end:

	/usr/sbin/nologin

	Now create a usergroup and add the ftpuser to it:

	sudo addgroup ftpusers
	sudo usermod -Gftpusers ftpuser

	Now start the vsftpd:

	service vsftpd start

	That’s it. Now you have a secure installation of vsftpd on your server.