jump to navigation

Configuring vsftpd FTP-server for authenticated users on CentOs 5.x February 11, 2011

Posted by Tournas Dimitrios in Linux.

This article assumes that you  are familiar with the concepts of FTP . Actually installing and enabling the vsftpd package is “out of the box ” , but by default it is configured to have un-authenticated transactions . Users can log-in with the default username “anonymous” and a random  password . If the server is accessible from a hostile network (internet) , this default configuration is a high risk , because unknown persons can upload files ( illegal software , images , music)  for the world to download . 

Configuring the FTP server for authenticated log-in is simple , so let see how to do it in 7 steps . In this example we will set up a group of trusted users with username and password .

  1. Disable anonymous FTP : Comment out the “anonymous_enable ” directive line in the vsftpd.conf file ( /etc/vsftpd/vsftpd.conf)  .
    #Allow anonymous FTP?
  2. Enable individual logins by making sure you have the “local_enable” directive line like uncomented in the vsftpd.conf file
    #Uncomment this to allow local users to log in.
  3. Restart vsftpd  for the configurations to take action .
    service  vsftpd  restart
  4. Create a user group and directory . In this case , use /home/ftp-users  and user group name of ftp-users for the remote users .
    groupadd   ftp-users
    mkdir  /home/ftp-users
  5. Add users , and make their default directory  /home/ftp-users
    useradd -g ftp-users  -d  /home/ftp-users   user1
    useradd -g ftp-users  -d  /home/ftp-users   user2
    useradd -g ftp-users  -d  /home/ftp-users   user3
    passwd  user1
    passwd  user2
    passwd  user3
  6. Copy files to be downloaded by your users into the /home/ftp-users directory
  7. Change the permissions of the files in the /home/ftp-users for read only access by the group
    chown root:ftp-users  /home/ftp-users/*
    chmod  740  /home/ftp-users/*

Users should now be able to log in via FTP to the server using their new usernames and passwords. If you absolutely don’t wnat any FTP users to be able to write to any directory , then you should set the “write_enable ” directive line in your vsftpd.conf file to NO
Of course remember to restart the server ,so that the configuration file changes to take plase .



Readings :

  • must read the ” man vsftpd.conf


1. Vijay Kumar - July 26, 2012

thanks a lot Mr. Dimitrios,nice post..it helps a lot.
i am facing a issue that ftp user can easily go back and in any directory of /(file system) through Up to higher level directory. can we stop ftp user for only a single directory like only /home/ftp-users.
please help me to resolve this issue.
thanks again for this nice blog. 🙂

tournasdimitrios1 - July 26, 2012

@Vijay Kumar
According the man page “man vsftpd.conf” , the chroot_list_enable=yess directive will do the job . First configure vsftpd.conf , by un-commenting the aforementioned directive . Secondly , write into /etc/vsftpd/user-list all user-names that has to be set in a Chroot environment . And lastly restart the server : service vsftpd restart

2. Vijay Kumar - July 26, 2012

thanks a lot for your quick response,but after changed according to your mention i got this error with popup box on firefox.
another thing is that when i can’t upload the file on ftp through filezilla then i am getting error is “critical file transfer error”.

please help me to resolve this issue.thanks a lot in advance.

3. Vijay Kumar - July 26, 2012

soory i forget the error when i made the change according to your second post.. “530 permission denied.”

4. Vijay Kumar - July 26, 2012

Regarding upload the file i remove the ## comment from line num. 27 anon_upload_enable=YES
but can’t successed. kidnly help me to resolve this problem.

tournasdimitrios1 - July 26, 2012

@Vijay Kumar
These are the changes I made on my local CentOs 5.7 Box :
1) Un-Comment : Chroot_list_files=/etc/vsftpd/chroot_list
2)Write the following directive : Chroot_local_user=YES
3)Comment the directive : chroot_list_enable=YES
4)RESTART VSFTPD : service vsftpd restart
I made the test on my Home-network with :
a) With a Linux CentOs Box
b) Windows XP/7 (Command line “cmd”)
c)Windows XP/7 WinSCP (FTP-Client)
On windows , you will be asked to allow the firewall to open the proper port , just accept it .
Hope , it helps . Let me know 🙂

Vijay Kumar - July 26, 2012

thank you sir now all things are going well but i can’t upload the file in /home/ftp-users directory. so sir please help me how can i upload the file?

tournasdimitrios1 - July 27, 2012

Have a look at my vsftpd’s configuration file . Compair it with yours . I made the test on my development environment and everything works as expected ( chroot-environment and uploads ) . Check the permissions that you have given to the specific user’s directory .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s