How To: Configure Secure FTP Server (VSFTPD) (on FC16)

By Kulbir Saini

In Administration, Configuration, FTP,

FTP Server,
HowTo,
Linux,
Security,
Server

This post is totally dedicated to vsftpd configuration with uploads enabled. vsftpd stands for Very Secure FTP Daemon. it is shipped with almost all the latest Red Hat based OS. vsftpd for rpm based Linux distros can be downloaded fromhere.
Also, one can install vsftpd by issuing 'yum install vsftpd 'or 'apt-get install vsftpd' command. After installing vsftpd, you just need to start the vsftpd service.

[root@bordeaux saini]$ service vsftpd start [Enter]

Note: The vsftpd startup mode is different under FC16. For details, refer to restart:

One of my Saturday projects was to get VSFTP working on the new Fedora 16 Setup for maintaining Drupal 7.

The new (and not improved) way of starting the VSFTPD service goes like this, since all you know is history. =)

$ Sudo systemctl enable vsftpd @. service <=== enables the service

$ Sudo systemctl start vsftpd@vsftpd.service

You will probably want to include these lines in your startup scripts

Cause: It is because of the way the service file (of vsftpd) is written. It is written poorly and that needs to be fixed. Nothing other than vsftpd shocould really change much

And you are done. your computer is now a FTP server. you can browse your ftp server by pointing your favorite browser to ftp: // localhost/or ftp: // 127.0.0.1/or ftp: // <IP_ADDRESS_OF_YOUR_MACHINE>.

If you see access denied or some error related to access. Issue 'iptables-flush 'and 'setenforce 0' commands.

By default the files and directories in/var/ftp/directory will be shown at ftp: // localhost/. Now, there are two ways to share your files on ftp.

1. Copy/move files that you want to share to/var/ftp/directory.

2. Mount directories you want to share to/var/ftp/SharedDirName. Suppose you want to share/home/saini/Movies/folder on your ftp, then follow the following steps:

Step 1

Login as root.

12	[saini@bordeaux saini]$ su [Enter]Enter Password for root.

Step 2

Go to/var/ftp/and create the directory that you want to share.

12	[root@bordeaux saini]$ cd /var/ftp/ [Enter][root@bordeaux ftp]$ mkdir SharedMovies [Enter]

Step 3

Bind the original directory to SharedMovies.

[root@bordeaux ftp]$ mount --bind /home/saini/Movies/ /var/ftp/SharedMovies/ [Enter]

If you browse your ftp now, you'll see SharedMovies folder as well. You can remove default pub directory if you don't like it.

The current ftp server will be a very basic one and will allow only downloads. Below we will see how to configure it so that others are allowed to upload files/directories to your server.

Step 1

Create a directory say 'upload '.

[root@bordeaux saini]$ mkdir Upload [Enter]

Note that this Upload directory can be anywhere either in your home directory or in/var/ftp/or even on some other partitions.

Step 2

Change the ownership of Upload to ftp and change the permissions to 777.

12	[root@bordeaux saini]$ chown ftp:ftp Upload [Enter][root@bordeaux saini]$ chmod 777 Upload [Enter]

Step 3

If you created Upload at any place other than/var/ftp/, then bind it to a dir in/var/ftp /.

12	[root@bordeaux saini]$ mkdir /var/ftp/Uploads [Enter][root@bordeaux saini]$ mount --bind /home/saini/Upload/ /var/ftp/Uploads/ [Enter]

Step 4

Configure vsftpd. conf. The default configuration files for vsftpd lives in/etc/vsftpd/. vsftpd. conf is configuration file for vsftpd.
Open/etc/vsftpd. conf in any editor and add/uncomment the following lines:

Lines to be added or uncomments in/etc/vsftpd. conf

1234567891011

anonymous_enable=YESwrite_enable=YESwrite_enable=YESanon_upload_enable=YESanon_mkdir_write_enable=YESanon_other_write_enable=YESdirmessage_enable=YESdirlist_enable=YESno_anon_password=YESfile_open_mode=0777guest_enable=YES

Save vsftpd. conf file and restart the vsftpd service with the command 'service vsftpd restart'. Now anyone can upload files to your ftp server, but only to Upload folder.

There are certain more configurations which are related to restricting bandwidth, upload/download speed, connections etc.

1234

max_per_ip=2 # Max no. of allowed connections per IP Address.max_clients=3 # Max no. of different IP Addressed which are allowed to connect.anon_max_rate=1097152 # Max bytes/sec a user can upload/download to/from your ftp server.banner_file=/etc/vsftpd/ftp_banner # The file containing the welcome message to be displayed to the clients.

For more configuration options, refer man pages for vsftpd. conf and vsftpd.

Note:

• Whenever you restart your computer, you have to bind the directories everytime, so that they are shown on the ftp server. to skip binding every time, write everything (all commands for binding) in amount. sh
  File and run it whenever you restart your computer.
• You can view my vsftpd. conf file
  Here.
• Sometime, uploaded files doesn' t have 777 permissions. You can run this
  Shell script in background forever.

PS0: Absence of compat-libstdc ++-33 (libstdc ++. so.5) is breaking a large no. of applications in Fedora 7. Here's a solutionanyway.