How to configure the Proftpd server on Fedora 22


In this article, we will learn how to use ProFTPD to set up an FTP server on a computer or server running Fedora 22. ProFTPD is free, open source FTP server software licensed under the GPL, and it is a mainstream FTP server on Linux. It is designed to provide many advanced features and a wide range of configuration options for easy customization, including options that are still not available in some other FTP server software. It was originally developed as a safer and easier-to-configure alternative to the wu-ftpd server.

An FTP server is software that lets you upload and download files and directories to and from the remote server on which it is installed. The following are some of the main features of the ProFTPD server. For more information, visit http://www.proftpd.org/features.html.

  • Each directory can contain a ".ftpaccess" file for access control, similar to Apache's ".htaccess".
  • Supports multiple virtual FTP servers, multiple user logons, and anonymous FTP services.
  • The service can be started as an independent process or through inetd/xinetd.
  • Its file/directory attributes, owner, and permissions are UNIX-based.
  • It can run in standalone mode to protect the system from potential damage caused by root access.
  • The modular design makes it easy to extend with other modules, such as LDAP, SSL/TLS encryption, and RADIUS support.
  • The ProFTPD server also supports IPv6.

The following are some simple steps to use ProFTPD to set up an FTP server on a computer running the Fedora 22 operating system.

 

1. Install ProFTPD

First, we will install the ProFTPD software on the machine running Fedora 22. Because the yum package manager has been abandoned, we will use dnf, the latest package manager. DNF is easy to use and is a user-friendly package manager on Fedora 22. To install ProFTPD with it, run the following command with sudo in a terminal or console.

    $ sudo dnf -y install proftpd proftpd-utils

 

2. Configure ProFTPD

Now, we will modify some of the software's configuration. To do so, use a text editor to edit the /etc/proftpd.conf file. /etc/proftpd.conf is the main configuration file of ProFTPD, and any change to this file affects the FTP server. Here are the changes we make in this initial step.

    $ sudo vi /etc/proftpd.conf

After opening the file in a text editor, we want to change the ServerName and ServerAdmin to your domain name and email address. Below is our change.

    ServerName "ftp.linoxide.com"
    ServerAdmin arun@linoxide.com

After that, we will add the following settings to the configuration file so that the server can record access and authorization to the corresponding log file.

    ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog /var/log/proftpd/auth.log AUTH auth


3. Add an FTP user

After setting up the basic configuration file, we naturally want to add an FTP user with a specific directory as its root directory. Currently, you can use the FTP service to log on to the FTP server. However, in this tutorial, we will create a new user who uses a specified directory on the FTP server as the home directory.

Next, we will create a new user group named ftpgroup.

    $ sudo groupadd ftpgroup

Then, we will add a new user arunftp with the directory /ftp-dir/ as its home directory and add it to this group.

    $ sudo useradd -G ftpgroup arunftp -s /sbin/nologin -d /ftp-dir/

After creating a user and joining the user group, we will set a password for the user arunftp.

    $ sudo passwd arunftp
    Changing password for user arunftp.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.

Now, we will use the following commands to allow read and write access to the FTP user's home directory. (LCTT translator's note: these are SELinux-related settings; if SELinux is not enabled, you can skip them.)

    $ sudo setsebool -P allow_ftpd_full_access=1
    $ sudo setsebool -P ftp_home_dir=1

Then, we will set the sticky bit on the directory so that other users are not allowed to move or rename this directory and its contents.

    $ sudo chmod -R 1777 /ftp-dir/

 

4. Enable TLS support

Plain FTP is not secure: anyone who can monitor the network interface can read the data transmitted over FTP. Therefore, we will enable TLS encryption support on our server. To do this, edit the /etc/proftpd.conf configuration file. Before that, back up the current configuration file so that it can be restored if something goes wrong.

    $ sudo cp /etc/proftpd.conf /etc/proftpd.conf.bak

Then, we can use our favorite text editor to modify the configuration file.

    $ sudo vi /etc/proftpd.conf

Then, append the following lines to the content we added in step 2.

    TLSEngine on
    TLSRequired on
    TLSProtocol SSLv23
    TLSLog /var/log/proftpd/tls.log
    TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
    TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem


After completing the settings above, save and exit.

Then, we need to generate the SSL certificate proftpd.pem and put it in the /etc/pki/tls/certs/ directory. For this, you must first install openssl on Fedora 22.

    $ sudo dnf install openssl

Then, you can generate an SSL Certificate by executing the following command.

    $ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem

The system will ask for some basic information that will be written into the certificate. After filling in the information, a 2048-bit RSA private key is generated.

    Generating a 2048 bit RSA private key
    ...................+++
    ...................+++
    writing new private key to '/etc/pki/tls/certs/proftpd.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:NP
    State or Province Name (full name) []:Narayani
    Locality Name (eg, city) [Default City]:Bharatpur
    Organization Name (eg, company) [Default Company Ltd]:Linoxide
    Organizational Unit Name (eg, section) []:LinuxFreedom
    Common Name (eg, your name or your server's hostname) []:ftp.linoxide.com
    Email Address []:arun@linoxide.com

After that, we need to change the permissions of the generated certificate file to increase security.

    $ sudo chmod 600 /etc/pki/tls/certs/proftpd.pem
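
A check for the settings from this step, as an added example that is not part of the original article or of ProFTPD: it reads a proftpd.conf, confirms TLSEngine and TLSRequired are on, flags TLSProtocol values that still allow SSLv3 (SSLv23 is mod_tls's compatibility mode for SSLv3 and TLSv1), and verifies that the key file is owner-only. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the step 4 mod_tls directives in a proftpd.conf.

# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
conf_value() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line; return 0 if the TLS setup is clean, 1 otherwise.
audit_proftpd_tls() {
    conf=$1; findings=0
    for d in TLSEngine TLSRequired; do
        val=$(conf_value "$conf" "$d")
        if [ "$val" != "on" ]; then
            echo "WEAK: $d is '${val:-unset}', expected 'on'"; findings=1
        fi
    done
    val=$(conf_value "$conf" TLSProtocol)
    case " $val " in
        *" SSLv23 "* | *" SSLv3 "*)
            echo "WEAK: TLSProtocol '$val' still permits SSLv3"; findings=1 ;;
    esac
    key=$(conf_value "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c2-10)
        case "$perms" in
            ???------) ;;  # owner-only, as set by chmod 600
            *) echo "WEAK: $key is $perms, expected owner-only (chmod 600)"; findings=1 ;;
        esac
    else
        echo "MISSING: key file '${key:-unset}' does not exist"; findings=1
    fi
    return "$findings"
}

# Constructed sample: the tutorial's directives, with the key left at mode 644.
demo_dir=$(mktemp -d)
touch "$demo_dir/proftpd.pem" && chmod 644 "$demo_dir/proftpd.pem"
cat > "$demo_dir/proftpd.conf" <<EOF
TLSEngine on
TLSRequired on
TLSProtocol SSLv23
TLSRSACertificateKeyFile $demo_dir/proftpd.pem
EOF
audit_proftpd_tls "$demo_dir/proftpd.conf" || true
rm -rf "$demo_dir"
```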

 

5. Allow FTP through the firewall

Now, you need to allow the FTP ports through the firewall, which generally blocks them by default.

If TLS/SSL encryption is enabled, run the following command.

    $ sudo firewall-cmd --add-port=1024-65534/tcp
    $ sudo firewall-cmd --add-port=1024-65534/tcp --permanent

If TLS/SSL encryption is not enabled, run the following command.

    $ sudo firewall-cmd --permanent --zone=public --add-service=ftp
    success

Then, reload the firewall settings.

    $ sudo firewall-cmd --reload
    success
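
Opening 1024-65534/tcp exposes nearly every unprivileged TCP port on the host. As an added example (not from the original article), the script below assumes passive data connections have been pinned with ProFTPD's PassivePorts directive, which this tutorial does not set, and prints the matching firewall-cmd commands for review instead of the full range. The function name and the 49152-49407 range are constructed.

```shell
#!/bin/sh
# Added example: derive the step 5 firewall rules from a PassivePorts range.
# PassivePorts is a ProFTPD directive; the tutorial's configuration does not set it.

# Print the firewall-cmd commands for the PassivePorts range in config file $1.
# Returns 1 and prints nothing on stdout if the range is missing or invalid.
passive_fw_rules() {
    pp_range=$(awk '$1 == "PassivePorts" { r = $2 " " $3 } END { print r }' "$1")
    pp_lo=${pp_range% *}
    pp_hi=${pp_range#* }
    case "$pp_lo:$pp_hi" in
        :* | *: | *[!0-9:]*)
            echo "PassivePorts is not set to two port numbers in $1" >&2
            return 1 ;;
    esac
    if [ "$pp_lo" -lt 1024 ] || [ "$pp_hi" -gt 65535 ] || [ "$pp_lo" -gt "$pp_hi" ]; then
        echo "PassivePorts range $pp_lo-$pp_hi is invalid" >&2
        return 1
    fi
    # Same two commands as the tutorial, narrowed to the configured range.
    echo "firewall-cmd --add-port=$pp_lo-$pp_hi/tcp"
    echo "firewall-cmd --add-port=$pp_lo-$pp_hi/tcp --permanent"
    # The tutorial's 1024-65534 rule covers 64511 ports.
    echo "opens $((pp_hi - pp_lo + 1)) ports instead of 64511" >&2
}

# Constructed sample configuration with a 256-port passive range.
demo_conf=$(mktemp)
printf 'PassivePorts 49152 49407\n' > "$demo_conf"
passive_fw_rules "$demo_conf" || true
rm -f "$demo_conf"
```

Run the printed commands with sudo after checking them, then reload the firewall as shown above.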

 

6. Start and activate ProFTPD

After all settings are complete, start ProFTPD and try it out. Run the following command to start the proftpd FTP daemon.

    $ sudo systemctl start proftpd.service

Then, we can enable it to start at boot.

    $ sudo systemctl enable proftpd.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/proftpd.service to /usr/lib/systemd/system/proftpd.service.

 

7. Log on to the FTP server

Now, if all the settings in this tutorial are correct, we can connect to the FTP server and log on with the settings above. Here, we will configure the FTP client FileZilla: use the server IP address or name as the host name, select "FTP" as the protocol, and enter "arunftp" as the username. The password is the one set in step 3 above. If you enabled TLS support in step 4, you also need to select explicit FTP over TLS as the encryption type. If you did not enable it and do not want to use TLS encryption, select plain FTP as the encryption type.


To apply the preceding settings, open the File menu, click Site Manager, create a new site, and then enter the values as above.


The client then asks you to accept the SSL certificate. Click OK. After that, you can upload and download files and folders to and from our FTP server.

 

Summary

Finally, we successfully installed and configured the Proftpd FTP server on Fedora 22. Proftpd is a super powerful FTP daemon that can be highly customized and scalable. The preceding tutorial shows how to configure a secure FTP server with TLS encryption. We strongly recommend that you set up the FTP server to support TLS encryption because it allows you to use SSL certificates to encrypt data transmission and login. In this article, we have not configured anonymous FTP access, because it is generally not recommended for protected FTP systems. FTP access makes uploading and downloading easier and more efficient. We can also change user ports to increase security. Well, if you have any questions, suggestions, and feedback, please leave a message in the comment area below so that we can improve and update the article content. Thank you! Have fun :-)
