How to Install and Configure vsFTPd on CentOS 7

In this article, you’ll learn how to install and configure vsFTPd on CentOS 7. FTP [File Transfer Protocol] is used for sending/transferring files over the web/internet this method is used over decades and in this article we’ll see about vsFTPd [Very Secure File Transfer Protocol Daemon].

Prerequisite 

  • Access to a CentOS machine with root or sudo privileges
  • Text editor 

Steps to Install and Configure vsFTPd on CentOS 7

If you are looking for a secure and reliable way to transfer files between different computers, then vsFTPd is an excellent choice. vsFTPd, or Very Secure FTP daemon, is an open-source FTP server that is widely used by many organizations around the world. In this blog, we will show you how to install and configure vsFTPd on CentOS 7.

Step 1: Install vsFTPd on CentOS

yum install -y vsftpd

how to install and configure vsFTPd on CentOS 7

Sample Output:

[root@centos ~]# yum install -y vsftpd
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirror.bizflycloud.vn
* extras: mirrors.viethosting.com
* updates: centos.mirrors.estointernet.in
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 222 kB 00:00:01
(3/4): updates/7/x86_64/primary_db | 3.7 MB 00:00:02
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-28.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
vsftpd x86_64 3.0.2-28.el7 base 172 k

Transaction Summary
=============================================================================================
Install 1 Package

Total download size: 172 k
Installed size: 353 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/vsftpd-3.0.2-28.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for vsftpd-3.0.2-28.el7.x86_64.rpm is not installed
vsftpd-3.0.2-28.el7.x86_64.rpm | 172 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Package : centos-release-7-6.1810.2.el7.centos.x86_64 (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-28.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-28.el7.x86_64 1/1

Installed:
vsftpd.x86_64 0:3.0.2-28.el7

Complete!
[root@centos ~]#

Step 2: Start the vsftpd service and auto start service on boot

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

how to install and configure vsFTPd on CentOS 7

Sample Output

[root@centos ~]# sudo systemctl start vsftpd
[root@centos ~]# sudo systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@centos ~]#

Step 3: Install Firewall on CentOS 

sudo yum install firewalld

how to install and configure vsFTPd on CentOS 7

Sample Output:

[root@centos ~]# sudo yum install firewalld
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bizflycloud.vn
* extras: mirrors.viethosting.com
* updates: centos.mirrors.estointernet.in
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.6.3-12.el7 will be installed
--> Processing Dependency: python-firewall = 0.6.3-12.el7 for package: firewalld-0.6.3-12.el7.noarch
--> Processing Dependency: firewalld-filesystem = 0.6.3-12.el7 for package: firewalld-0.6.3-12.el7.noarch
--> Processing Dependency: ipset for package: firewalld-0.6.3-12.el7.noarch
--> Processing Dependency: ebtables for package: firewalld-0.6.3-12.el7.noarch
--> Running transaction check
---> Package ebtables.x86_64 0:2.0.10-16.el7 will be installed
---> Package firewalld-filesystem.noarch 0:0.6.3-12.el7 will be installed
---> Package ipset.x86_64 0:7.1-1.el7 will be installed
--> Processing Dependency: ipset-libs(x86-64) = 7.1-1.el7 for package: ipset-7.1-1.el7.x86_64
--> Processing Dependency: libipset.so.13(LIBIPSET_4.8)(64bit) for package: ipset-7.1-1.el7.x86_64
--> Processing Dependency: libipset.so.13(LIBIPSET_2.0)(64bit) for package: ipset-7.1-1.el7.x86_64
--> Processing Dependency: libipset.so.13()(64bit) for package: ipset-7.1-1.el7.x86_64
---> Package python-firewall.noarch 0:0.6.3-12.el7 will be installed
--> Processing Dependency: python-slip-dbus for package: python-firewall-0.6.3-12.el7.noarch
--> Running transaction check
---> Package ipset-libs.x86_64 0:7.1-1.el7 will be installed
---> Package python-slip-dbus.noarch 0:0.4.0-4.el7 will be installed
--> Processing Dependency: python-slip = 0.4.0-4.el7 for package: python-slip-dbus-0.4.0-4.el7.noarch
--> Running transaction check
---> Package python-slip.noarch 0:0.4.0-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
Package Arch Version Repository Size
=================================================================================================================
Installing:
firewalld noarch 0.6.3-12.el7 updates 448 k
Installing for dependencies:
ebtables x86_64 2.0.10-16.el7 base 123 k
firewalld-filesystem noarch 0.6.3-12.el7 updates 51 k
ipset x86_64 7.1-1.el7 base 39 k
ipset-libs x86_64 7.1-1.el7 base 64 k
python-firewall noarch 0.6.3-12.el7 updates 355 k
python-slip noarch 0.4.0-4.el7 base 31 k
python-slip-dbus noarch 0.4.0-4.el7 base 32 k

Transaction Summary
=================================================================================================================
Install 1 Package (+7 Dependent packages)

Total download size: 1.1 M
Installed size: 4.5 M
Is this ok [y/d/N]: y
Downloading packages:
(1/8): firewalld-filesystem-0.6.3-12.el7.noarch.rpm | 51 kB 00:00:00
(2/8): ebtables-2.0.10-16.el7.x86_64.rpm | 123 kB 00:00:00
(3/8): ipset-7.1-1.el7.x86_64.rpm | 39 kB 00:00:00
(4/8): ipset-libs-7.1-1.el7.x86_64.rpm | 64 kB 00:00:00
(5/8): python-slip-0.4.0-4.el7.noarch.rpm | 31 kB 00:00:00
(6/8): python-slip-dbus-0.4.0-4.el7.noarch.rpm | 32 kB 00:00:00
(7/8): firewalld-0.6.3-12.el7.noarch.rpm | 448 kB 00:00:00
(8/8): python-firewall-0.6.3-12.el7.noarch.rpm | 355 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.8 MB/s | 1.1 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ebtables-2.0.10-16.el7.x86_64 1/8
Installing : ipset-libs-7.1-1.el7.x86_64 2/8
Installing : ipset-7.1-1.el7.x86_64 3/8
Installing : python-slip-0.4.0-4.el7.noarch 4/8
Installing : python-slip-dbus-0.4.0-4.el7.noarch 5/8
Installing : python-firewall-0.6.3-12.el7.noarch 6/8
Installing : firewalld-filesystem-0.6.3-12.el7.noarch 7/8
Installing : firewalld-0.6.3-12.el7.noarch 8/8
Verifying : firewalld-0.6.3-12.el7.noarch 1/8
Verifying : ipset-7.1-1.el7.x86_64 2/8
Verifying : firewalld-filesystem-0.6.3-12.el7.noarch 3/8
Verifying : python-firewall-0.6.3-12.el7.noarch 4/8
Verifying : python-slip-0.4.0-4.el7.noarch 5/8
Verifying : python-slip-dbus-0.4.0-4.el7.noarch 6/8
Verifying : ipset-libs-7.1-1.el7.x86_64 7/8
Verifying : ebtables-2.0.10-16.el7.x86_64 8/8

Installed:
firewalld.noarch 0:0.6.3-12.el7

Dependency Installed:
ebtables.x86_64 0:2.0.10-16.el7 firewalld-filesystem.noarch 0:0.6.3-12.el7 ipset.x86_64 0:7.1-1.el7 ipset-libs.x86_64 0:7.1-1.el7 python-firewall.noarch 0:0.6.3-12.el7
python-slip.noarch 0:0.4.0-4.el7 python-slip-dbus.noarch 0:0.4.0-4.el7

Complete!
[root@centos ~]#
[root@centos ~]# systemctl start firewalld
[root@centos ~]# systemctl enable firewalld
[root@centos ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-12-16 09:03:03 UTC; 17s ago
Docs: man:firewalld(1)
Main PID: 3811 (firewalld)
CGroup: /system.slice/firewalld.service
└─3811 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Dec 16 09:03:03 centos.novalocal systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 16 09:03:03 centos.novalocal systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 16 09:03:03 centos.novalocal firewalld[3811]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in ...ng it now.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos ~]#

Step 3: Configure the firewall by creating a rule to all FTP traffic.

Run below command to allow or add FTP with port 21 and reload the service.

sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --reload

Sample Output

[root@centos ~]# sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
success
[root@centos ~]# sudo firewall-cmd --zone=public --permanent --add-service=ftp
success
[root@centos ~]# sudo firewall-cmd --reload
success
[root@centos ~]#

Step 4: Configure VSFTPD 

locate vsftpd config file → ” /etc/vsftpd/vsftpd.conf “

Backup the current vsftpd conf file.

sudo cp -p /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default

Edit the configuration, disable anonymous users, and allow local users.

vim /etc/vsftpd/vsftpd.conf

locate/find the below text and make the changes:

anonymous_enable=NO
local_enable=YES

Note: This is a crucial step. Anonymous access may be risky – you ought to avoid it unless you understand the risks.

Allow a logged-in user to upload files to your FTP server.

locate/find below the line and make the changes:

write_enable=YES

Configure FTP users to limit to their own home directory which is also known as jail or chroot jail.

chroot_local_user=YES
allow_writeable_chroot=YES

Use “user_sub_token” option for better security.

vsFTPd also provides a user list so that we can allow only specific/approved users. To use this option you need to enable “userlist_enable” entry as mentioned below.

userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

locate to user_list file and allow the user to which you want to provide access please note only one user per line. If you want to deny a list of user then you need to set for option “userlist_deny” and the user which are in the list will be blocked.

Once you are done with the changes as per your requirement then you need to restart the vsftpd service.

Command to restart vsftpd service on CentOS

sudo systemctl restart vsftpd

Step 5: Create an FTP user

In this article, we are creating a user with a name “user1test” but you can create as per your requirement.

sudo adduser user1test
sudo passwd user1test

how to install and configure vsFTPd on CentOS 7

Sample Output:

[root@centos ~]# sudo adduser user1test
[root@centos ~]# sudo passwd user1test
Changing password for user user1test.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@centos ~]#

Add user to the user list file “/etc/vsftpd/user_list”.

Run below command to create the required directory and permissions

sudo mkdir -p /home/user1test/ftp/upload
sudo chmod 550 /home/user1test/ftp
sudo chmod 750 /home/user1test/ftp/upload
sudo chown -R user1test: /home/user1test/ftp

Sample Output

[root@centos ~]# sudo mkdir -p /home/user1test/ftp/upload
[root@centos ~]# sudo chmod 550 /home/user1test/ftp
[root@centos ~]# sudo chmod 750 /home/user1test/ftp/upload
[root@centos ~]# sudo chown -R user1test: /home/user1test/ftp
[root@centos ~]#

Step 6: Configure SELinux to secure FTP Server

Allow FTP to read/write files from user’s home directory.

setsebool -P <user’s-home-dir> on

semanage boolean -m ftpd_full_access --on

Sample Output:

[root@centos ~]# setsebool -P /home/user1test/ on
Boolean /home/user1test/ is not defined
[root@centos ~]# semanage boolean -m ftpd_full_access --on
[root@centos ~]#

Now connect to FTP server with the user which you have created.

ftp <ftp-server-ip>

or 

ftp command is not installed run the below command.

yum install ftp -y

How to test ftp locally.

ftp localhost

how to install and configure vsFTPd on CentOS 7

Congratulations! You have now installed and configured vsFTPd on CentOS 7. You can now use this secure and reliable FTP server to transfer files between different computers.

Troubleshooting steps:

Error: 421 Service not available, remote server has closed connection

Solution: 

  1. Either you turn off SELinux (not recommended) 
  2. Perform the SELinux Steps as mentioned in the above steps

FAQ’s

Q: What is vsFTPd?

A: vsFTPd is a popular open-source FTP server that provides a secure and reliable way to transfer files between computers.

Q: What operating systems can vsFTPd be installed on?

A: vsFTPd can be installed on a variety of Linux and Unix operating systems, including CentOS, Ubuntu, Debian, and Red Hat Enterprise Linux.

Q: Is vsFTPd secure?

A: Yes, vsFTPd is considered to be a very secure FTP server. It includes many security features, such as chroot jail, SSL/TLS encryption, and IP-based access control.

Q: Can vsFTPd be used to transfer files anonymously?

A: Yes, vsFTPd can be configured to allow anonymous FTP connections. However, this is generally not recommended for security reasons.

Q: What FTP clients can be used to connect to vsFTPd?

A: Any FTP client can be used to connect to vsFTPd. Some popular FTP clients include FileZilla, WinSCP, and Cyberduck.

Q: How do I configure vsFTPd to allow local users to access the FTP server?

A: In the vsFTPd configuration file, set the “local_enable” option to “YES”.

Q: How do I configure vsFTPd to restrict users to their home directories?

A: In the vsFTPd configuration file, set the “chroot_local_user” option to “YES”.

Q: How do I start and stop the vsFTPd service?

A: To start the vsFTPd service, use the command “sudo systemctl start vsftpd”. To stop the vsFTPd service, use the command “sudo systemctl stop vsftpd”.

Q: Can vsFTPd be used with a firewall?

A: Yes, vsFTPd can be used with a firewall. You will need to configure your firewall to allow FTP traffic.

Q: Is vsFTPd suitable for use in a production environment?

A: Yes, vsFTPd is commonly used in production environments and is considered to be a stable and reliable FTP server.

End of article. you have learned how to install and configure vsFTPd on CentOS 7.

See Also:

How to install Redis on Amazon Linux or CentOS

Steps to install Memcached in Centos or RHEL or Ubuntu

Google Cloud Blogs

Linux Blogs

AWS Cloud Blogs

Database Blogs

DevOps Blogs

Interview Questions & Answers

Docker Blogs