setsebool allow_ftpd_full_access on
setsebool -P ftp_home_dir on
vsftpd (Very Secure File Transport Protocol Daemon) is a secure, fast FTP server for Unix/Linux systems. In this how-to article, let us see how to setup a basic FTP server using vsftpd on CentOS 6.5. This procedure will also work on all RHEL CentOS, Scientific Linux 6.x versions.
My testbox server hostname and IP Address are server.unixmen.local and 192.168.1.101/24 respectively. Change the values as per your scenario.
Install vsftpd
All commands should be run with ‘root’ user. Run the following command in terminal to install vsftpd package:
# yum install vsftpd ftp -y
Configure vsftpd
Edit vsftpd configuration file /etc/vsftpd/vsftpd.conf,
# vi /etc/vsftpd/vsftpd.conf
Find the following lines and make the changes as shown below:
[...] ## Set to "NO" ## anonymous_enable=NO ## Uncomment ## ascii_upload_enable=YES ascii_download_enable=YES ## Uncomment - Enter your Welcome message - This is optional ## ftpd_banner=Welcome to UNIXMEN FTP service. ## Add at the end of this file ## use_localtime=YES
Start the vsftpd service and make it to start automatically on every reboot:
# service vsftpd start # chkconfig vsftpd on
Create FTP users
By default, root user is not allowed to login to ftp server for security purpose. So let us create a testing user called“sk” with password “centos”:
# useradd sk # passwd sk
Connecting to FTP server
Now let us try to connect to FTP server itself with user “sk”:
# ftp 192.168.1.101 Connected to 192.168.1.101 (192.168.1.101). 220 Welcome to UNIXMEN FTP service. Name (192.168.1.101:root): sk 331 Please specify the password. Password: 500 OOPS: cannot change directory:/home/sk Login failed. ftp>
Probably you will get an error like “500 OOPS: cannot change directory”.
This is because your SELinux restricts the user to log in to ftp server. So let us update the SELinux boolean values for FTP service:
# setsebool -P ftp_home_dir on
Now try again to login to FTP server:
# ftp 192.168.1.101 Connected to 192.168.1.101 (192.168.1.101). 220 Welcome to UNIXMEN FTP service. Name (192.168.1.101:root): sk 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp>
Now you will be able to login to FTP server without any problems.
Client side configuration
Let me try to log in to the FTP server from my Ubuntu client system.
$ ftp 192.168.1.101 ftp: connect: No route to host ftp>
You might see the above error like “ftp:connect:No route to host”. To resolve this error, allow the default ftp port“21″ through your firewall or router. In the server side, do the following.
Edit file /etc/sysconfig/iptables,
# vi /etc/sysconfig/iptables
Add the following lines.
[...] -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT [...]
Save and exit the file. Restart iptables now:
# service iptables restart
Now try again from the client system to login to FTP server:
$ ftp 192.168.1.101 Connected to 192.168.1.101. 220 Welcome to UNIXMEN FTP service. Name (192.168.1.101:sk): sk 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp>
Boom!! It’s working now.