Differences

This shows you the differences between two versions of the page.

ftp:quick-secure-ftp-server [2010-09-03 00:13:03]
garrett.plasky Approved
ftp:quick-secure-ftp-server [2011-05-13 23:06:35]
garrett.plasky Approved
Line 9: Line 9:
 Installing VSFTP is done by simply grabbing it through yum: Installing VSFTP is done by simply grabbing it through yum:
  
-<code console>yum -y install vsftpd</code>+<sxh plain>yum -y install vsftpd</sxh>
 ==== Configuration ==== ==== Configuration ====
  
 To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7:
  
-  - Create an FTP user group <code console>groupadd ftp</code+  - Create an FTP user group <sxh plain>groupadd ftp</sxh
-  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <code console>useradd -g ftp -d /home/user/ -c "user" user</code+  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <sxh plain>useradd -g ftp -d /home/user/ -c "user" user</sxh
-  - Set the user's password <code console>passwd user</code+  - Set the user's password <sxh plain>passwd user</sxh
-  - Create a fake shell for the ftp service <code console>touch /bin/ftp</code>+  - Create a fake shell for the ftp service <sxh plain>touch /bin/ftp</sxh>
   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.
-  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <code>user:x:500:50: user :/home/user:/bin/ftp</code>+  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <sxh plain>user:x:500:50: user :/home/user:/bin/ftp</sxh>
   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.
-  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <code>chroot_list_enable=YES</code>+  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <sxh plain>chroot_list_enable=YES</sxh>
  
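Review bot: The jail step sets only `chroot_list_enable=YES`, while the step before it names the list as `/etc/vsftpd.chroot_list`, outside the `/etc/vsftpd/` directory that holds the other two files. Add an explicit `chroot_list_file=` line pointing at whichever path is intended, and add a step that creates that file and puts the user in it; as written the reader is only told to "check" a file that no earlier step created. The shell change would also be safer as `usermod -s /bin/ftp user` than as a hand edit of `/etc/passwd`. Separately, the closing tag on the first three list items reads `</sxh` with no `>`, carried over from the old `</code`, so those items may not render as code.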
 ==== Finalize ==== ==== Finalize ====
 Start the FTP service: Start the FTP service:
  
-<code console>/etc/init.d/vsftpd start</code>+<sxh plain>/etc/init.d/vsftpd start</sxh>
  
 We also do not recommend running SELinux with VSFTP: We also do not recommend running SELinux with VSFTP:
  
-<code console>echo 0 > /selinux/disable</code>+<sxh plain>echo 0 > /selinux/disable</sxh>
  
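Review bot: The SELinux line is carried over with only its tag changed, so a page titled as a secure FTP setup still tells the reader to turn off the mandatory access control that confines the vsftpd daemon. Consider replacing this step with one that keeps SELinux enforcing and enables the FTP boolean for home directories (on CentOS releases of this era, `setsebool -P ftp_home_dir on`). The command itself should also be checked while this line is being touched: enforcing mode is switched with `setenforce 0` (the `/selinux/enforce` node), which is not the `/selinux/disable` node written to here.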
 Also if you are running a firewall via iptables, you will need to poke a hole for the service: Also if you are running a firewall via iptables, you will need to poke a hole for the service:
  
-<code console>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT +<sxh plain>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT 
-iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</code>+iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</sxh>
    
 That's it! You now have a working and secure FTP server that can be accessed from anywhere! That's it! You now have a working and secure FTP server that can be accessed from anywhere!
 {{tag>how-to ftp centos}} {{tag>how-to ftp centos}}
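Review bot: The six iptables rules are all added with `-A`, so they land at the end of their chains and do nothing if an earlier rule already rejects the traffic; the step should say where they must sit relative to an existing REJECT or DROP rule, or use `-I` with a position. The rules that rely on `--state ESTABLISHED,RELATED` for the data ports only match FTP data connections when the FTP connection-tracking helper module is loaded, and nothing here loads it or saves the rules across a reboot. The closing sentence also calls the server "secure" and reachable "from anywhere" although no step in the configuration enables TLS (for example `ssl_enable=YES` in `vsftpd.conf`), so credentials set with `passwd user` cross the network in cleartext; either add that step or soften the claim.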