Installing and configuring vsFTPD
This article describes how to install and configure a vsFTPD server on CentOS®, Red Hat® Enterprise Linux® (RHEL), and Ubuntu®.
Note: You must be logged in through SSH as the root user to use the instructions in this article.
Use the following commands on the different Linux® distributions to install a vsFTPD server:
CentOS and RHEL
yum -y install vsftpd
apt-get install vsftpd
The installation process generates a configuration file. For CentOS and RHEL, the file is named /etc/vsftpd/vsftpd.conf, and for Ubuntu, the file is named /etc/vsftpd.conf. Use the instructions in the following sections to configure the settings in the vsFTPD configuration file.
Open the vsFTPD configuration file in a file editor or by using
vi, and replace the contents of the file
with the following lines:
anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES pasv_min_port=60000 pasv_max_port=65000
If you want to enable chroot jails, add the following lines at the bottom of the configuration file:
chroot_local_user=YES chroot_list_enable=YES chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
You must create a vsftp.chroot_list file and put any users in it who are not chrooted. All users are chrooted by default. You must create the file even if you don’t have any users to put in it.
Note: For Ubuntu, the line for the chroot list file is
If you want to enable a user to use file access control lists (FACLs) or a set a group permission by default, add the following lines at the bottom of the configuration file:
Here, you can change
file_open_mode to 0775, 0664, and so on to meet your basic permission needs. You might not need to combine it with umask, depending on what you want to do.
Umask removes permissions from the files. For example, a file with 777 becomes 755 with a umask of 022 (the default). This restricts access for security purposes. Some people mistakenly set the umask to 000, thinking that the files will then show up as 777. This distinction is important. While
file_open_mode tells vsFTPD the default permissions to use, umask only takes away permissions, it can never grant them.
Restart and enable vsFTPD
After you edit the configuation file, you must restart the vsFTPD service for the changes to take effect. Use the following command to restart vsFTPD on CentOS, RHEL, and Ubuntu:
systemctl restart vsftpd
After vsFTPD restarts, you should also configure it to start when the server boots. Use the following command to enable vsFTPD to start at boot on CentOS, RHEL, and Ubuntu:
systemctl enable vsftpd
Allow vsFTPD through the firewall
The final step is to allow vsFTPD through your server firewall by using the following commands on the different Linux distributions:
CentOS and RHEL
iptables -I RH-Firewall-1-INPUT -p tcp --dport 21 -m comment --comment "FTP" -j ACCEPT iptables -I RH-Firewall-1-INPUT -p tcp -m multiport --dports 60000:65000 -m comment --comment "FTP passive mode ports" -j ACCEPT /etc/init.d/iptables save
ufw allow 21 ufw allow proto tcp from any to any port 60000:65000
©2019 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License