Installing & Configuring VSFTPD

by D. Moore  (YouCanToo)

This how-to focuses on how to setup vsftpd server on your PCLinuxOS based computer. The vsftpd stands for “Very Secure FTP Daemon”. It is not just secure as the name suggests but also delivers excellent performance by consuming less memory. The tutorial also teaches you how to configure by adding FTP users and locking the directory to individual users.

Installing vsftpd on PCLinuxOS

 Open the Synaptic Package Manager and do a search for vsftpd.

Now Mark the package for installation and click apply.

WARNING: if you have any other ftp server installed, it will be removed when you install vsftpd.

Click apply again. VSFTPD will now be installed onto your system. Click "close" and then you can exit Synaptic.

--- How to configure vsftpd ---

Before we get started we need to make sure the vsftpd daemon is stopped. You can do this in a console window as root. You should see something like this:

[root@laptop dwmoar]# service vsftpd stop

Shutting down vsftpd:                                                 [FAILED]

[root@laptop dwmoar]#

Now we need to edit the vsftp.conf file. In your favorite text editor as the root user, open the /etc/vsftpd/vsftpd.conf file.

We need to change the following options:

1. We don't want any anonymous logins:

   uncomment the following and change to the following

          anonymous_enable=NO

2. Enable local users:

   uncomment the following and change to the following

          local_enable=YES

3. The ftpuser should be able to write data:

   uncomment the following and change to the following

           write_enable=YES

4. Set umask to 022 to make sure all files and folders have proper permissions.

files (644)  folders (755)

        uncomment the following and change to the following

            local_umask=022

5. Turn off port 20, this makes vsftpd run less privileged:

   uncomment the following and change to the following

            connect_from_port_20=NO

6. Chroot everyone:  Make sure no one can snoop in anyone else’s directory.

   uncomment the following and change to the following

             chroot_local_user=YES

--- Our basic configuration is now complete. ---

Let's now start the vsftpd service.

In a console window as the root user, type in the following

service vsftpd start

you should see something like this:

[root@laptop etc]# service vsftpd start

Starting vsftpd for vsftpd:                                           [  OK  ]

[root@laptop etc]#

If you see the word "FAILED" this means there was a mistake in the configuration file. Go back, double check your work and try again.

Congratulations if you got the "OK". Your ftp server is up and running.

Now let’s add a new ftpuser.

Since vsftpd has no gui we will need to do the following from a console window as root.

adduser -d /path/to/the/ftpusers/home/directory -s /usr/bin/bash ftpuser*

where ftpuser* is the ftpuser’s name.

 --- EXAMPLE ---

[root@laptop etc]# useradd -d  /home/mastermind -s /usr/bin/bash mastermind

[root@laptop etc]#

Setup a password for the ftpuser

passwd ftpuser*

where ftpuser* is the name of the user.

--- EXAMPLE ---

[root@laptop etc]# passwd mastermind

Changing password for user mastermind.

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

[root@laptop etc]#

NOTE:  the password is not echoed to the screen so make sure it is entered the same both times.

In order to enable the ftpuser to read and write the data in the home directory, change the permission and take ownership:

chown -R ftpuser /path/to/the/ftpusers/home/directory

chmod 755 /path/to/the/ftpusers/home/directory   

--- EXAMPLE ---

[root@laptop etc]# chown -R mastermind /home/mastermind

[root@laptop etc]# chmod 755 /home/mastermind

 

Create a userlist file and add the user.

nano /etc/vsftpd/vsftpd.userlist

and add the user

ftpuser*

where ftpuser* is the actual username

on a new line add the following

userlist_file=/etc/vsftpd.userlist

Now save your file.

--- EXAMPLE ---

One last change. Now create a usergroup and add the ftpuser to it:

usermod -G ftpuser ftpuser*

where  ftpuser* is the actual username.

 

--- EXAMPLE ---

[root@laptop vsftpd]# usermod -G mastermind mastermind

Now restart the vsftpd service

service vsftpd restart

You should see something like this

[root@laptop vsftpd]# service vsftpd restart

Shutting down vsftpd:                                                 [  OK  ]

Starting vsftpd for vsftpd:                                           [  OK  ]

[root@laptop vsftpd]#

If you see "FAILED" go back and recheck your work.

That’s it. Now you have a secure installation of vsftpd on your machine.