Skip to main content

How To Setup FTP server on centos 7 ( VSFTP )

By depratama
From : http://www.krizna.com/centos/setup-ftp-server-centos-7-vsftp/
FTP server is used to exchange files between computers over network . This guide helps you to setup ftp server on centos 7 . This guide contains configuration steps for both FTP and SFTP as well as user creation . Here i've used VSFTP package which is secure and less vulnerable .
1. FTP Server
2. SFTP Server
3. User creation

Setup FTP server on centos 7

Step 1 » Update your repository and install VSFTPD package .
[root@krizna ~]# yum check-update
[root@krizna ~]# yum -y install vsftpd
Step 2 » After installation you can find /etc/vsftpd/vsftpd.conf file which is the main configuration file for VSFTP.
Take a backup copy before making changes .
[root@krizna ~]# mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orgNow open the file and make changes as below
[root@krizna ~]# nano /etc/vsftpd/vsftpd.confFind this line anonymous_enable=YES ( Line no : 12 ) and change value to NO to disable anonymous FTP access.
anonymous_enable=NOUncomment the below line ( Line no : 100 ) to restrict users to their home directory.
chroot_local_user=YESand add the below lines at the end of the file to enable passive mode and allow chroot writable.
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100
Step 3 » Now restart vsftpd service and make it start automatically after reboot.
[root@krizna ~]# systemctl restart vsftpd.service
[root@krizna ~]# systemctl enable vsftpd.service
Step 4 » Add FTP service in firewall to allow ftp ports .
[root@krizna ~]# firewall-cmd --permanent --add-service=ftp
[root@krizna ~]# firewall-cmd --reload
Step 5 » Setup SEinux to allow ftp access to the users home directories .
[root@krizna ~]# setsebool -P ftp_home_dir on
Step 6 » Now create an User for ftp access. Here /sbin/nologin shell is used to prevent shell access to the server .
[root@krizna ~]# useradd -m dave -s /sbin/nologin
[root@krizna ~]# passwd daveNow user dave can able to login ftp on port 21 .
You can filezilla or winscp client for accessing files.
Setup ftp server centos 7

SFTP server

SFTP ( Secure File Transfer Protocol ) is used to encrypt connections between clients and the FTP server. It is highly recommended to use SFTP because data is transferred over encrypted connection using SSH-tunnel on port 22 .
Basically we need openssh-server package to enable SFTP .
Install openssh-server package, if its not already installed.
[root@krizna ~]# yum -y install openssh-server
Step 7 » Create a separate group for FTP access.
[root@krizna ~]# groupadd ftpaccess
Step 8 » Now open /etc/ssh/sshd_config file and make changes as below.
Find and comment the below line ( Line no : 147 ).
#Subsystem sftp /usr/libexec/openssh/sftp-serverand add these lines below.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 9 » Now restart sshd service.
[root@krizna ~]# systemctl restart sshdNow your SFTP server is configured and ready .

User creation

Step 10 » Create user jack with /sbin/nologin shell and ftpaccess group
[root@krizna ~]# useradd -m jack -s /sbin/nologin -g ftpaccess
[root@krizna ~]# passwd jackNow assign root ownership for the home directory for chroot access and modify permission.
[root@krizna ~]# chown root /home/jack
[root@krizna ~]# chmod 750 /home/jackCreate a directory www inside home directory for writing and modify ownership .
[root@krizna ~]# mkdir /home/jack/www
[root@krizna ~]# chown jack:ftpaccess /home/jack/www
Now jack can use both ftp and sftp services . He can upload files in www directory .
Setup ftp server centos 7
If you are going to use FTP and SFTP together in the same server, you should follow above steps while creating users . For existing users add them to ftpaccess and make below changes.
[root@krizna ~]# usermod dave -g ftpaccess
[root@krizna ~]# chown root /home/dave
[root@krizna ~]# chmod 750 /home/dave
[root@krizna ~]# mkdir /home/dave/www
[root@krizna ~]# chown dave:ftpaccess /home/dave/www

Popular posts from this blog

Extend a LVM partition after increasing its virtual disk on Virtualbox

By depratama
No Linux machine at work? the easy way could be to simply install Virtualbox in one of the PC, create a VDI and install Ubuntu 14.04 in it. But the day will come when you need more space! Here is how to resize it: Resize Virtualbox VDI Open Virtualbox, make sure to shutdown your virtual machine. Then open a terminal (here windows): 1 2 3 4 cd “ C : \ Program Files \ Oracle \ VirtualBox ” VBoxManage list vms VBoxManage clonehd uuid 0000000000000000 backup . vdi VBoxManage modifyhd uuid 0000000000000000 -- resize 204800 This is the Virtualbox official manual  of available commands. And  this is a website  to convert Gb into Mb (–resize takes Mb as input, 200Gb = 204800Mb). Boot Gparted to resize the partition After a default install of Ubuntu Server on one physical disk, you will have a SWAP partition, and then an extended partition in which you’ll have your LVM partition (So 3 partitions).  Download Gparted  .iso,...
Read more

Website Using HTTPS Protocol

By depratama
Last week, I changed protocol of my website from http to https. There were steps that i had to do. First, I installed openssl package and mod_ssl # yum install mod_ssl openssl Then, I configured the openssl  and created certificate # cd /etc/pki/tls/certs # make server.key # openssl rsa -in server.key -out server.key # make server.csr # openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 # chmod 400 server.* After that, I changed configuration of httpd/apache #nano /etc/httpd/conf.d/ssl.conf DocumentRoot "/var/www/html" ServerName www.server.world:443 SSLCertificateFile /etc/pki/tls/certs/server.crt SSLCertificateKeyFile /etc/pki/tls/certs/server.key Last, I restarted the webserver #service httpd restart That's all what i did last week to change my website protocol from http to https.
Read more

Word 2003 “This document couldnot be registered. It will not be possible to create links from other documents to this document.”

By depratama
One day when i open a document in Ms. Word 2003, I get the message “ This document could not be registered. It will not be possible to create links from other documents to this document .” After searching using google.com and open some website, i have one solution. It’s only one maybe two step that i have to do. I open my services panel and activated my DCOM Server Process Launcher . And, it works, the message no longer show again when i open my document using word 2003. That’s all. I hope it works to you too, if you have same problem. Nb: Open services panel, just open Run (Start–> Run) and type services.msc then Enter .
Post a Comment
Read more