How To Install FTP Server on CentOS Stream 10

In this tutorial, we will show you how to install FTP Server on CentOS Stream 10. File Transfer Protocol (FTP) remains a crucial tool for managing files on remote servers. This comprehensive guide will walk you through the process of installing and configuring an FTP server on CentOS Stream 10 using VSFTPD (Very Secure FTP Daemon). Whether you’re a system administrator or a curious enthusiast, this tutorial will equip you with the knowledge to set up a secure and efficient FTP server.

Prerequisites

Before we dive into the installation process, ensure you have the following:

  • A CentOS Stream 10 system with root or sudo access
  • Basic familiarity with the command line interface
  • A stable internet connection for package downloads
  • Firewall software (like firewalld) installed and running

Installing VSFTPD

Let’s begin by installing the VSFTPD package on your CentOS Stream 10 system.

Package Installation

Open your terminal and execute the following command:

sudo dnf install vsftpd -y

This command uses the DNF package manager to install VSFTPD and automatically answers “yes” to any prompts.

Service Activation

After installation, we need to start the VSFTPD service and enable it to launch automatically on system boot:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

To verify that the service is running correctly, use:

sudo systemctl status vsftpd

You should see output indicating that the service is active and running.

Initial Configuration Location

The main configuration file for VSFTPD is located at /etc/vsftpd/vsftpd.conf. We’ll be modifying this file later to customize our FTP server.

Basic Configuration

Now that VSFTPD is installed, let’s configure it to suit our needs.

Essential Settings

First, let’s create a backup of the original configuration file:

sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak

Now, open the configuration file in your preferred text editor:

sudo nano /etc/vsftpd/vsftpd.conf

Here are some core configuration parameters you should consider:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Let’s break down these settings:

  • anonymous_enable=NO: Disables anonymous logins
  • local_enable=YES: Allows local users to log in
  • write_enable=YES: Permits write commands for logged-in users
  • local_umask=022: Sets the default umask for file creation
  • dirmessage_enable=YES: Enables directory welcome messages
  • xferlog_enable=YES: Enables logging of uploads and downloads
  • connect_from_port_20=YES: Uses port 20 (ftp-data) for PORT style connections
  • chroot_local_user=YES: Restricts local users to their home directories
  • listen=NO and listen_ipv6=YES: Configures VSFTPD to listen on IPv6 sockets
  • pam_service_name=vsftpd: Specifies the PAM service name for VSFTPD
  • userlist_enable=YES: Enables the user list feature
  • tcp_wrappers=YES: Enables TCP wrappers for added security

Security Settings

To enhance security, consider adding these lines to your configuration:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

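These settings enable SSL/TLS encryption for data transfers and logins, improving the overall security of your FTP server. Note that ssl_tlsv1=YES enables TLS 1.0, which RFC 8996 deprecates; if your vsftpd build offers options for newer TLS versions, prefer those.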

Anonymous Access Configuration

If you need to allow anonymous access (not recommended for most scenarios), you can set:

anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO

This allows anonymous users to download files but not upload or create directories.

Local User Access Settings

To further control local user access, you can add:

userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

This configuration uses the /etc/vsftpd/user_list file to specify which local users are allowed to access the FTP server.

Firewall Configuration

Configuring your firewall is crucial for allowing FTP traffic to reach your server.

Security Setup

If you’re using firewalld (the default on CentOS Stream 10), you can open the necessary ports with these commands:

sudo firewall-cmd --add-service=ftp --permanent
sudo firewall-cmd --add-port=21/tcp --permanent
sudo firewall-cmd --reload

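These commands allow the FTP service through the firewall and open port 21 for FTP control connections. The ftp service definition already includes 21/tcp, so the second command is redundant but harmless.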

SELinux Considerations

If SELinux is enabled on your system (which is the default), you’ll need to configure it to allow VSFTPD to function correctly:

sudo setsebool -P ftpd_full_access on

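This boolean lets the FTP daemon log in local users and read and write any file on the system, subject only to normal file permissions, so SELinux no longer confines VSFTPD's file access.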

Testing Connectivity

After configuring your firewall and SELinux, test the connectivity to ensure everything is working:

nc -vz localhost 21

If successful, you should see a message indicating that the connection to port 21 was established.

User Management

Proper user management is essential for maintaining a secure FTP server.

User Setup

To create a new FTP user, use the following commands:

sudo adduser ftpuser
sudo passwd ftpuser

Replace “ftpuser” with your desired username.

Setting User Permissions

To restrict the FTP user to a specific directory:

sudo mkdir -p /home/ftpuser/ftp
sudo chown nobody:nobody /home/ftpuser/ftp
sudo chmod a-w /home/ftpuser/ftp
sudo mkdir /home/ftpuser/ftp/files
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files

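This creates a structure where the user can access and modify files in the “files” directory but cannot navigate outside of their FTP root. The layout takes effect only when vsftpd's local_root option points at /home/ftpuser/ftp; without it, chroot_local_user confines the user to the home directory itself.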

Directory Structure Creation

You may want to create additional directories for organization:

sudo mkdir -p /home/ftpuser/ftp/files/{uploads,downloads,shared}
sudo chown -R ftpuser:ftpuser /home/ftpuser/ftp/files

Access Restrictions

To limit FTP access to specific users, edit the /etc/vsftpd/user_list file:

sudo nano /etc/vsftpd/user_list

Add the usernames of allowed users, one per line.

Advanced Configuration

For users requiring more control over their FTP server, here are some advanced configuration options.

Passive Mode Configuration

To enable passive mode FTP, which is often necessary for clients behind firewalls, add these lines to your vsftpd.conf:

pasv_enable=YES
pasv_min_port=30000
pasv_max_port=31000

Don’t forget to open these ports in your firewall:

sudo firewall-cmd --add-port=30000-31000/tcp --permanent
sudo firewall-cmd --reload

Bandwidth Limiting

To prevent a single user from consuming all available bandwidth, you can set transfer rate limits:

local_max_rate=500000

This limits the transfer rate to 500 KB/s for local users.

Connection Restrictions

To limit the number of simultaneous connections:

max_clients=10
max_per_ip=2

This allows a maximum of 10 clients overall, with no more than 2 connections from the same IP address.

Logging and Monitoring

Enhance your logging capabilities with these settings:

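xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
xferlog_std_format=NO
log_ftp_protocol=YES

These options enable detailed logging of FTP activities. log_ftp_protocol only takes effect when xferlog_std_format is disabled; vsftpd then writes its own log format, including every FTP command and response, to vsftpd_log_file.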

Chroot Jail Implementation

To further restrict users to their home directories:

chroot_local_user=YES
allow_writeable_chroot=YES

Note: Enabling allow_writeable_chroot can pose security risks. Use it only if necessary and understand the implications.
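The settings covered in the sections above interact, and a later line in vsftpd.conf overrides an earlier one, so it helps to lint the finished file. The script below is an added example, not part of the original guide or of VSFTPD; the function names, the sample file and the default values passed to conf_get are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): lint a vsftpd.conf.

# conf_get FILE KEY DEFAULT: print the last uncommented value of KEY, or
# DEFAULT when absent. The DEFAULTs passed below are assumptions about the
# compiled-in defaults; confirm them in vsftpd.conf(5) for your build.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '$1 == k { d = $2 } END { print d }' "$1"
}

# on FILE KEY DEFAULT: succeed when the effective boolean is true.
on() {
    case $(conf_get "$1" "$2" "$3") in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_vsftpd FILE: print one finding per line.
lint_vsftpd() {
    f=$1
    if on "$f" anonymous_enable YES; then echo "anonymous_enable: anonymous logins allowed"; fi
    if ! on "$f" ssl_enable NO; then echo "ssl_enable: logins and data travel in cleartext"; fi
    for p in ssl_sslv2 ssl_sslv3 ssl_tlsv1; do
        if on "$f" "$p" NO; then echo "$p: deprecated protocol version enabled"; fi
    done
    if ! on "$f" chroot_local_user NO; then echo "chroot_local_user: local users are not confined"; fi
    if on "$f" allow_writeable_chroot NO; then echo "allow_writeable_chroot: chroot root may be user-writable"; fi
    if on "$f" log_ftp_protocol NO && on "$f" xferlog_std_format NO; then
        echo "log_ftp_protocol: no effect while xferlog_std_format=YES"
    fi
    return 0
}

# Constructed sample (not a real server's file) with three weak settings.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
ssl_tlsv1=YES
xferlog_std_format=YES
log_ftp_protocol=YES
EOF
}

# Usage: sh lint.sh /etc/vsftpd/vsftpd.conf
if [ $# -gt 0 ]; then lint_vsftpd "$1"; fi
```

On the constructed sample it reports ssl_tlsv1, allow_writeable_chroot and log_ftp_protocol; an empty output means none of the checked settings is in a weak state.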

Testing and Verification

After configuring your FTP server, it’s crucial to test its functionality thoroughly.

Connection Testing

Use an FTP client like FileZilla or the command-line FTP tool to connect to your server:

ftp localhost

Enter your username and password when prompted.

User Access Verification

Try logging in with different user accounts to ensure that access restrictions are working as intended.

File Transfer Testing

Attempt to upload and download files to verify that permissions are set correctly.

Common Troubleshooting Steps

If you encounter issues:

  • Check the VSFTPD service status: sudo systemctl status vsftpd
  • Review logs for errors: sudo tail -f /var/log/vsftpd.log
  • Verify firewall settings: sudo firewall-cmd --list-all
  • Ensure SELinux is not blocking access: sudo ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd

Security Best Practices

Implementing robust security measures is crucial for protecting your FTP server and data.

SSL/TLS Implementation

To enable SSL/TLS encryption, generate a self-signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Then, add these lines to your vsftpd.conf:

ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem

Regular Updates

Keep your system and VSFTPD updated:

sudo dnf update

Access Control Recommendations

  • Use strong, unique passwords for each FTP user
  • Implement two-factor authentication if possible
  • Regularly review and prune the list of authorized users

Monitoring Considerations

Set up log monitoring and alerting to detect and respond to suspicious activities promptly. Consider using tools like Fail2Ban to automatically block IP addresses that show malicious behavior.
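As a starting point for that monitoring, the added example below (not part of the original guide) counts failed logins per client and marks clients that eventually logged in after repeated failures. It assumes vsftpd's native log format, which is written when xferlog_std_format is disabled; the function names, threshold and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): summarise failed FTP logins
# per client from vsftpd's native log format.

# failed_logins MIN: read log lines on stdin and print, for every client with
# at least MIN failures, "ip fails=N users=M ok_after=USER". ok_after names
# the account that logged in successfully after the failures ("-" if none).
failed_logins() {
    awk -v min="$1" '
        $10 == "LOGIN:" {
            ip = $12
            gsub(/"/, "", ip)
            sub(/^::ffff:/, "", ip)   # IPv4-mapped form seen with listen_ipv6=YES
            user = substr($8, 2, length($8) - 2)
            if ($9 == "FAIL") {
                fails[ip]++
                if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
            } else if ($9 == "OK" && (ip in fails) && fails[ip] >= min) {
                ok[ip] = user
            }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    printf "%s fails=%d users=%d ok_after=%s\n",
                        ip, fails[ip], users[ip], (ip in ok) ? ok[ip] : "-"
        }' | sort
}

# Constructed log lines (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Tue Jan  7 09:14:01 2025 [pid 2112] CONNECT: Client "::ffff:203.0.113.7"
Tue Jan  7 09:14:02 2025 [pid 2111] [root] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Jan  7 09:14:05 2025 [pid 2115] [admin] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Jan  7 09:14:09 2025 [pid 2119] [ftpuser] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Jan  7 09:14:12 2025 [pid 2123] [ftpuser] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Jan  7 09:15:40 2025 [pid 2130] [alice] FAIL LOGIN: Client "::ffff:198.51.100.4"
Tue Jan  7 09:15:52 2025 [pid 2134] [alice] OK LOGIN: Client "::ffff:198.51.100.4"
Tue Jan  7 09:16:03 2025 [pid 2140] [ftpuser] OK LOGIN: Client "::ffff:203.0.113.7"
EOF
}

# Report clients with three or more failures in the sample.
sample_log | failed_logins 3
```

Against a live server, feed it the real file instead, for example `failed_logins 5 < /var/log/vsftpd.log`; a non-dash ok_after value is the case to investigate first.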

Congratulations! You have successfully installed the FTP server. Thanks for using this tutorial for installing the FTP server on CentOS Stream 10. For additional help or useful information, we recommend you check the official VSFTPD website.


r00t
