AlmaLinuxRHEL Based

How To Install FTP Server on AlmaLinux 9

r00t

Install FTP Server on AlmaLinux 9

File Transfer Protocol (FTP) remains a popular method for transferring files between computers over a network. While there are newer alternatives, FTP’s simplicity and wide support make it a go-to choice for many scenarios. AlmaLinux 9, a robust and stable Linux distribution, provides an excellent platform for hosting an FTP server.

VSFTPD, our chosen FTP server software, is known for its security features and performance. It’s the default FTP server for many Linux distributions, including AlmaLinux. By the end of this guide, you’ll have a fully functional and secure FTP server running on your AlmaLinux 9 system.

Prerequisites

Before we dive into the installation process, ensure you have the following:

  • A machine running AlmaLinux 9 with root or sudo access
  • Basic familiarity with Linux command-line operations
  • A stable internet connection for package downloads
  • Minimum system requirements: 1 CPU core, 1GB RAM, and 10GB storage

With these prerequisites in place, let’s begin the installation process.

Installing VSFTPD

AlmaLinux 9 uses the DNF package manager, making software installation straightforward. Follow these steps to install VSFTPD:

  1. Open a terminal window.
  2. Update your system packages: 
    sudo dnf update -y
  3. Install VSFTPD: 
    sudo dnf install vsftpd -y
  4. Start the VSFTPD service: 
    sudo systemctl start vsftpd
  5. Enable VSFTPD to start on boot: 
    sudo systemctl enable vsftpd
  6. Verify the installation status: 
    sudo systemctl status vsftpd

If you see “active (running)” in the output, congratulations! VSFTPD is now installed and running on your AlmaLinux 9 system.

Basic VSFTPD Configuration

With VSFTPD installed, it’s time to configure it for secure and efficient operation. The main configuration file is located at /etc/vsftpd/vsftpd.conf. Let’s make some essential changes:

  1. Open the configuration file in your preferred text editor: 
    sudo nano /etc/vsftpd/vsftpd.conf
  2. Modify or add the following lines: 
    anonymous_enable=NO local_enable=YES write_enable=YES chroot_local_user=YES allow_writeable_chroot=YES pasv_min_port=40000 pasv_max_port=50000
  3. Save the file and exit the editor.
  4. Restart VSFTPD to apply the changes: 
    sudo systemctl restart vsftpd

These settings disable anonymous access, enable local user logins, allow write operations, and confine users to their home directories for added security.

User Management

Now, let’s set up FTP users:

  1. Create a new user: 
    sudo adduser ftpuser
  2. Set a password for the user: 
    sudo passwd ftpuser
  3. Create an FTP directory for the user: 
    sudo mkdir /home/ftpuser/ftp sudo chown nobody:nobody /home/ftpuser/ftp sudo chmod a-w /home/ftpuser/ftp
  4. Create a directory for file uploads: 
    sudo mkdir /home/ftpuser/ftp/files sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files

These commands create a secure FTP environment for the new user, with a dedicated upload directory.

Firewall Configuration

AlmaLinux 9 uses firewalld for managing the firewall. To allow FTP traffic, follow these steps:

  1. Open the FTP service in the firewall: 
    sudo firewall-cmd --add-service=ftp --permanent
  2. Open the passive FTP port range: 
    sudo firewall-cmd --add-port=40000-50000/tcp --permanent
  3. Reload the firewall to apply changes: 
    sudo firewall-cmd --reload

These commands ensure that both active and passive FTP connections can pass through the firewall.

Security Enhancements

Security should be a top priority when setting up any server. Let’s implement some additional security measures for our FTP server.

SSL/TLS Implementation

Enabling SSL/TLS encryption secures data transfers between the client and server. Here’s how to set it up:

  1. Generate an SSL certificate: 
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
  2. Edit the VSFTPD configuration file: 
    sudo nano /etc/vsftpd/vsftpd.conf
  3. Add or modify the following lines: 
    ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/etc/vsftpd/vsftpd.pem rsa_private_key_file=/etc/vsftpd/vsftpd.pem
  4. Save the file and restart VSFTPD: 
    sudo systemctl restart vsftpd

These settings enable FTPS (FTP over SSL/TLS) for secure file transfers.

Access Control

Implementing access control measures adds an extra layer of security:

  1. To restrict FTP access to specific IP addresses, add the following to vsftpd.conf: 
    tcp_wrappers=YES
  2. Create or edit /etc/hosts.allow: 
    vsftpd: 192.168.1.0/24
  3. Create or edit /etc/hosts.deny: 
    vsftpd: ALL

This configuration allows FTP access only from the 192.168.1.0/24 subnet and denies all other connections.

Testing and Verification

After configuring your FTP server, it’s crucial to test its functionality. We’ll use both command-line and GUI methods for comprehensive testing.

Command Line Testing

  1. Install the FTP client: 
    sudo dnf install ftp -y
  2. Connect to your FTP server: 
    ftp localhost
  3. Log in with your FTP user credentials.
  4. Try uploading and downloading files: 
    put testfile.txt get testfile.txt
  5. Exit the FTP session: 
    bye

GUI Client Setup

For a graphical interface, FileZilla is a popular choice:

  1. Install FileZilla on your local machine.
  2. Open FileZilla and enter your server details:
    • Host: Your server’s IP address or domain
    • Username: Your FTP username
    • Password: Your FTP password
    • Port: 21 (or 990 for FTPS)
  3. Click “Quickconnect” to establish a connection.
  4. Try uploading and downloading files using the GUI interface.

If you encounter any issues during testing, double-check your configuration files and firewall settings.

Advanced Configuration

For more fine-grained control over your FTP server, consider these advanced configurations:

Bandwidth Limiting

To prevent a single user from consuming all available bandwidth, add these lines to vsftpd.conf:

anon_max_rate=30000 local_max_rate=50000

This limits anonymous users to 30 KB/s and local users to 50 KB/s.

Anonymous FTP Access

If you need to allow anonymous access, add or modify these lines in vsftpd.conf:

anonymous_enable=YES anon_upload_enable=NO anon_mkdir_write_enable=NO

This enables anonymous access but disables uploads and directory creation for anonymous users.

Custom Welcome Messages

Create a custom welcome message by adding this line to vsftpd.conf:

ftpd_banner=Welcome to our FTP server!

Logging and Monitoring

Enable detailed logging by adding or modifying these lines in vsftpd.conf:

xferlog_enable=YES xferlog_file=/var/log/vsftpd.log xferlog_std_format=YES log_ftp_protocol=YES

These settings enable comprehensive logging of FTP activities, which is crucial for security monitoring and troubleshooting.

Performance Optimization

To ensure your FTP server runs efficiently, consider these performance tweaks:

Transfer Speed Optimization

Add or modify these lines in vsftpd.conf:

async_abor_enable=YES one_process_model=YES

These settings can improve transfer speeds and server responsiveness.

Connection Limits

To prevent server overload, set connection limits:

max_clients=50 max_per_ip=5

This limits the total number of clients to 50 and the maximum connections from a single IP to 5.

Resource Management

Monitor your server’s resource usage regularly using tools like top or htop. If you notice high CPU or memory usage, consider upgrading your server resources or further optimizing your VSFTPD configuration.

Congratulations! You have successfully installed the FTP server. Thanks for using this tutorial for installing the FTP server on AlmaLinux 9 system. For additional help or useful information, we recommend you check the official VSFTPD website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button