Differences
This shows you the differences between two versions of the page.
ftp:quick-secure-ftp-server [2011-05-13 23:06:35] garrett.plasky Approved |
ftp:quick-secure-ftp-server [2011-05-13 23:07:29] garrett.plasky Approved |
||
---|---|---|---|
Line 9: | Line 9: | ||
Installing VSFTP is done by simply grabbing it through yum: | Installing VSFTP is done by simply grabbing it through yum: | ||
- | < | + | < |
==== Configuration ==== | ==== Configuration ==== | ||
To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: | To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: | ||
- | - Create an FTP user group < | + | - Create an FTP user group < |
- | - Modify the command below to suit your desires. We used " | + | - Modify the command below to suit your desires. We used " |
- | - Set the user's password < | + | - Set the user's password < |
- | - Create a fake shell for the ftp service < | + | - Create a fake shell for the ftp service < |
- Edit < | - Edit < | ||
- | - Next edit < | + | - Next edit < |
- Check the user is listed in < | - Check the user is listed in < | ||
- | - In the VSFTP config file < | + | - In the VSFTP config file < |
==== Finalize ==== | ==== Finalize ==== | ||
Start the FTP service: | Start the FTP service: | ||
- | < | + | < |
We also do not recommend running SELinux with VSFTP: | We also do not recommend running SELinux with VSFTP: | ||
- | < | + | < |
Also if you are running a firewall via iptables, you will need to poke a hole for the service: | Also if you are running a firewall via iptables, you will need to poke a hole for the service: | ||
- | < | + | < |
iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | ||
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED, | iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED, |
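Review bot: The Finalize step "We also do not recommend running SELinux with VSFTP" tells readers to turn off mandatory access control on a server the page title calls secure, and both revisions keep that advice. I would drop the step and keep SELinux enforcing, enabling only the FTP boolean this setup needs (for local users confined to their home directories, `setsebool -P ftp_home_dir on`). Separately, the last INPUT rule accepts the whole 1024:65535 destination range for passive data connections; setting pasv_min_port and pasv_max_port in the VSFTP config file and matching --dport to that range would narrow what the firewall exposes.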