Differences

This shows you the differences between two versions of the page.

ftp:quick-secure-ftp-server [2011-05-13 23:06:35]
garrett.plasky Approved
ftp:quick-secure-ftp-server [2011-05-13 23:07:10]
garrett.plasky Approved
Line 9: Line 9:
 Installing VSFTP is done by simply grabbing it through yum: Installing VSFTP is done by simply grabbing it through yum:
  
-<sxh plain>yum -y install vsftpd</sxh>+<sxh bash>yum -y install vsftpd</sxh>
 ==== Configuration ==== ==== Configuration ====
  
 To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7: To configure VSFTP for a single user access, follow these steps below; more can be added by repeating steps 2-7:
  
-  - Create an FTP user group <sxh plain>groupadd ftp</sxh> +  - Create an FTP user group <sxh bash>groupadd ftp</sxh> 
-  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <sxh plain>useradd -g ftp -d /home/user/ -c "user" user</sxh> +  - Modify the command below to suit your desires. We used "ftp" as the group, "user" as the username, and "/home/user" as the home directory for the account <sxh bash>useradd -g ftp -d /home/user/ -c "user" user</sxh> 
-  - Set the user's password <sxh plain>passwd user</sxh> +  - Set the user's password <sxh bash>passwd user</sxh> 
-  - Create a fake shell for the ftp service <sxh plain>touch /bin/ftp</sxh>+  - Create a fake shell for the ftp service <sxh bash>touch /bin/ftp</sxh>
   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.   - Edit <c>/etc/shells</c> and add that fake shell (<c>/bin/ftp</c>) to the last line.
-  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <sxh plain>user:x:500:50: user :/home/user:/bin/ftp</sxh>+  - Next edit <c>/etc/passwd</c> and add the fake shell to the user <sxh bash>user:x:500:50: user :/home/user:/bin/ftp</sxh>
   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.   - Check the user is listed in <c>/etc/vsftpd.chroot_list</c> but not in <c>/etc/vsftpd/user_list</c> or <c>/etc/vsftpd/ftpusers</c> as they will be unable to access the server if so.
-  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <sxh plain>chroot_list_enable=YES</sxh>+  - In the VSFTP config file <c>/etc/vsftpd/vsftpd.conf</c> activate the following in order to jail users: <sxh bash>chroot_list_enable=YES</sxh>
  
 ==== Finalize ==== ==== Finalize ====
 Start the FTP service: Start the FTP service:
  
-<sxh plain>/etc/init.d/vsftpd start</sxh>+<sxh bash>/etc/init.d/vsftpd start</sxh>
  
 We also do not recommend running SELinux with VSFTP: We also do not recommend running SELinux with VSFTP:
  
-<sxh plain>echo 0 > /selinux/disable</sxh>+<sxh bash>echo 0 > /selinux/disable</sxh>
  
 Also if you are running a firewall via iptables, you will need to poke a hole for the service: Also if you are running a firewall via iptables, you will need to poke a hole for the service:
  
-<sxh plain>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT +<sxh bash>iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT 
-iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT 
-iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A OUTPUT -p tcp --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT 
-iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</sxh>+iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT</sxh>
    
 That's it! You now have a working and secure FTP server that can be accessed from anywhere! That's it! You now have a working and secure FTP server that can be accessed from anywhere!
 {{tag>how-to ftp centos}} {{tag>how-to ftp centos}}
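
Review bot: In the Configuration list, the switch from "sxh plain" to "sxh bash" also covers two snippets that are not shell commands: the /etc/passwd entry "user:x:500:50: user :/home/user:/bin/ftp" and the vsftpd.conf directive "chroot_list_enable=YES". Tagging them as bash presents file contents as if they were commands to type at a prompt; keep "plain" for those two and use "bash" only for the actual commands (yum, groupadd, useradd, passwd, touch, the init script and the iptables rules). Separately, the retagged line "echo 0 > /selinux/disable" sits under a sentence that recommends not running SELinux with VSFTP; since this revision touches that line anyway, confirm that the command does what the sentence says and state why SELinux should be off for this setup rather than configured for vsftpd.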