vsftpd (Very Secure FTP Daemon) is a secure and fast FTP server for UNIX systems including Linux. It is the default FTP service in Red Hat Enterprise Linux, CentOS, Ubuntu and many other Linux distributions. This article walks through the steps required to set up a simple and secure FTP server using vsftpd on a server running the CentOS 6 Linux operating system.
Running the commands given here requires root privileges on your CentOS 6 server.
vsftpd is available in the CentOS base repository and can be installed using the YUM package manager.
yum install vsftpd -y
Enable the vsftpd service at server boot:
chkconfig vsftpd on
The main configuration file of vsftpd is /etc/vsftpd/vsftpd.conf. Edit this file using vi, nano or your favorite text editor and make the following changes:
anonymous_enable=NO – Disable anonymous FTP logins.
local_enable=YES – Enable FTP login for system users. Here we use system users as FTP users.
ftpd_banner=FTP Server – Setting this option disables the default welcome message, which contains the vsftpd version and other server information. Here, the banner is set to the string ‘FTP Server’, which is displayed as the welcome message to FTP clients when they connect.
chroot_local_user=YES – Restrict FTP users inside their home directory so that they cannot access other file system paths in the server.
hide_ids=YES – Hide numerical user and group IDs in FTP directory listings by showing ‘ftp’ instead of the actual user and group IDs.
Restart vsftpd to make the above configuration changes effective:
service vsftpd restart
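The following script checks a configuration file for the five settings listed above. It is an added example, not part of the original article; the function names audit_vsftpd_conf and conf_value are hypothetical, the sample configuration is constructed, and the script assumes that the last uncommented occurrence of a directive is the one in effect.

```shell
#!/bin/sh
# Added example (not from the article): check a vsftpd.conf for the five
# settings recommended above. Function names are hypothetical.

# Print the value of directive $2 in file $1, or nothing if it is unset.
# Assumption: when a directive is repeated, the last uncommented line wins.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# Print one PASS/FAIL line per setting; exit status = number of failures.
audit_vsftpd_conf() {
    conf=$1
    failures=0
    for want in anonymous_enable=NO local_enable=YES \
                chroot_local_user=YES hide_ids=YES; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_value "$conf" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $key=$actual"
        else
            # An unset directive fails too: vsftpd's built-in default for
            # each of these four is the opposite of the hardened value.
            echo "FAIL $key=${actual:-<unset>} (want $expected)"
            failures=$((failures + 1))
        fi
    done
    # The banner text is free-form; it only has to be set to something.
    if [ -n "$(conf_value "$conf" ftpd_banner)" ]; then
        echo "PASS ftpd_banner is set"
    else
        echo "FAIL ftpd_banner is unset (default greeting shows the version)"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample: chroot_local_user is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
ftpd_banner=FTP Server
#chroot_local_user=YES
hide_ids=YES
EOF
audit_vsftpd_conf "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

To check the live server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf after editing the file.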
Create and manage FTP users
Here FTP users are created as system users. Use the useradd command to create a system user. The following command creates a system user named john:
The FTP directory of a system user is the same as its home directory. By default, a user’s home directory is created as /home/USER (where USER stands for the user name). If you want a different home directory (and thus FTP directory), specify that directory with the -d option of the useradd command while creating the user. For example, the following command creates a user named john with /ftp/john as both home and FTP directory:
useradd -d /ftp/john john
It is a good idea not to allow shell/SSH access to FTP users. To do that, set the login shell of the user to /sbin/nologin while creating the user, using the -s option of the useradd command.
useradd -d /ftp/john -s /sbin/nologin john
To set a password for a system user, use the passwd command. The following command sets the password for user john:
Since system users are used as FTP users, you can use other system user management commands to manage these FTP users. For example, use usermod to modify the home/FTP directory, login shell, etc. of an FTP user, and use the userdel command to remove an FTP user.
When to use vsftpd
vsftpd is lightweight and scales efficiently with many users. It is recommended if your main requirements are security, performance and stability.