FTP on CentOS 6 or RHEL 6

It seems that CentOS is depending on the official RHEL documentation for version 6.x. For FTP Server configuration (vsftpd), see the official Red Hat 6.x FTP Server Document. Some hints for CentOS 6.x minimal install:

# install ftp server package and firewall tool
yum install vsftpd system-config-firewall-tui
# allow chroot of ftp user to home directory
# selinux PERSISTENT policy stays after reboot
setsebool -P ftp_home_dir on
# use firewall tool to allow ftp connections (text user interface)
# start ftp server when system boots
chkconfig vsftpd on
# create special ftp-only user (/sbin/nologin prevents shell access)
groupadd testftp
useradd -g testftp -s /sbin/nologin -c "ftp-only test user" testftp
passwd testftp
# update ftp server config to chroot our test user
vi /etc/vsftpd/vsftpd.conf
# un-comment: chroot_list_enable=YES
# un-comment: chroot_list_file=/etc/vsftpd/chroot_list
# disable anonymous with: anonymous_enable=NO
# save changes and close file
# add one line for each user we want to chroot
echo "testftp" >> /etc/vsftpd/chroot_list
# start service after finishing config
service vsftpd start

Verify your configuration changes with commands like the following:

getsebool ftp_home_dir
grep -H ftp /etc/selinux/*/modules/active/boolean*
chkconfig --list vsftpd
service vsftpd status
egrep 'chroot_list|anonymous_enable' /etc/vsftpd/vsftpd.conf
cat /etc/vsftpd/chroot_list
iptables -nvL

Related Documentation:

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Linux and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s