Differences

This shows you the differences between two versions of the page.

ftp:quick-secure-ftp-server [2011-05-13 23:06:10]
garrett.plasky Approved
ftp:quick-secure-ftp-server [2011-05-13 23:07:10]
garrett.plasky Approved
Line 9: Line 9:
 Installing VSFTP is done by simply grabbing it through yum: Installing VSFTP is done by simply grabbing it through yum:
  
-<sxh plain>yum -y install vsftpd</sxh>+<sxh bash>yum -y install vsftpd</sxh>
 ==== Configuration ==== ==== Configuration ====
  
 To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7:
  
-  - Create an FTP user group <sxh plain>groupadd ftp</sxh> +  - Create an FTP user group <sxh bash>groupadd ftp</sxh> 
-  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <sxh plain>useradd -g ftp -d /home/user/ -c "user" user</sxh> +  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <sxh bash>useradd -g ftp -d /home/user/ -c "user" user</sxh> 
-  - Set the user's password <sxh plain>passwd user</sxh> +  - Set the user's password <sxh bash>passwd user</sxh> 
-  - Create a fake shell for the ftp service <sxh plain>touch /bin/ftp</sxh>+  - Create a fake shell for the ftp service <sxh bash>touch /bin/ftp</sxh>
   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.
-  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <sxh plain>user:x:500:50: user :/home/user:/bin/ftp</sxh>+  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <sxh bash>user:x:500:50: user :/home/user:/bin/ftp</sxh>
   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.
-  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <sxh plain>chroot_list_enable=YES</sxh>+  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <sxh bash>chroot_list_enable=YES</sxh>
  
 ==== Finalize ==== ==== Finalize ====
 Start the FTP service: Start the FTP service:
  
-<sxh plain>/etc/init.d/vsftpd start</sxh>+<sxh bash>/etc/init.d/vsftpd start</sxh>
  
 We also do not recommend running SELinux with VSFTP: We also do not recommend running SELinux with VSFTP:
  
-<sxh plain>echo 0 > /selinux/disable</sxh>+<sxh bash>echo 0 > /selinux/disable</sxh>
  
 Also if you are running a firewall via iptables, you will need to poke a hole for the service: Also if you are running a firewall via iptables, you will need to poke a hole for the service:
  
-<sxh plain>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT+<sxh bash>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
 # iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT # iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 # iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT # iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
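
Review bot: The passwd record in the /etc/passwd step (user:x:500:50: user :/home/user:/bin/ftp) and the chroot_list_enable=YES directive in the vsftpd.conf step are not shell, so moving them to <sxh bash> labels file contents as commands; keep <sxh plain> on those two. In the iptables block, the second and third lines begin with "# ", which the bash brush will render as comments rather than as commands typed at a root prompt, while the first line carries no prompt at all; drop the "# " prefix so all three rules read as commands. The closing </sxh> of the iptables block is not visible in this hunk, so confirm it is still present after the tag change.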