Scribd
Upload
27 views9 pages

How to configure FTP Server in Redhat Linux

This document provides a step-by-step tutorial on configuring an FTP server using vsftpd on Redhat Linux, including setting up anonymous downloads and local user access. It covers essential configurations, firewall settings, and SELinux adjustments necessary for secure FTP operations. The tutorial also highlights important directives in the vsftpd configuration file and offers practical exercises for testing the setup.

Uploaded by

Razu Mollah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
27 views9 pages

How to configure FTP Server in Redhat Linux

This document provides a step-by-step tutorial on configuring an FTP server using vsftpd on Redhat Linux, including setting up anonymous downloads and local user access. It covers essential configurations, firewall settings, and SELinux adjustments necessary for secure FTP operations. The tutorial also highlights important directives in the vsftpd configuration file and offers practical exercises for testing the setup.

Uploaded by

Razu Mollah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

4/26/2021 How to configure FTP Server in Redhat Linux

How to configure FTP Server in Redhat Linux


This tutorial explains how to configure FTP Server and FTP client in Linux step by step with practical examples. Learn how to configure
anonymous download option in FTP, allow or restricted local users to login in home directories through FTP and use FTP chroot
feature to keep users in allowed directories only.

As a linux Administrator you should know

FTP stand for File Transfer Protocol.


FTP does not require to login directly into the remote host
FTP transfer data without encryption
vsftpd is the only stand-alone FTP distributed With RHEL
vsftpd stand for Very Secure FTP Daemon
vsftpd is secure, fast and stable version of FTP
vsftpd efficiently handle large numbers of connection securely
You should use SFTP instead of FTP while transferring data over public network like Internet
RHCE Exam Objective covered in this tutorial

Configure anonymous-only download.

In this tutorial I will use two systems Server and linuxclient from our LAB environment. I will configure FTP Server on
Server system and ftp client on linuxclient system. If you want to check the network topology used in this article please
check following article. Lab set up for RHCE practice.

Prepare LAB for FTP practice

Configure FTP Server on RHEL


vsftpd package is required for FTP Server. Check whether package is installed or not. If package is missing install it first.

Configure vsftpd service to start at boot

Current status of vsftpd service must be running. Start if it is stopped. Restart vsftpd service whenever you made any change in
configuration file.

FTP Server is by default configured to listen on port 21. Port 21 must be opened if you have configured firewall. The configuration of a
firewall for an FTP server is a relatively simple process.

#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 1/9
4/26/2021 How to configure FTP Server in Redhat Linux

Create 2 normal user accounts for testing. Create a normal user

create another normal user

That's all configure we need on server right now.

Configure FTP client on RHEL


From RHEL version 6 you will not be able to run ftp command. By default you will get following error

-bash: ftp: command not found error

To run ftp command ftp package is required. Install it if it is not installed.

Check connectivity with FTP Server.

Now try again to run ftp command

We have successfully connected with FTP server.

LAB Exercises

Configure anonymous-only download [RHCE exam objective]


Configure FTP server to allow anonymous access, chrooted to /var/ftp
Configure FTP Server to all local users except user vikram to ftp in server

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 2/9
4/26/2021 How to configure FTP Server in Redhat Linux

Download/upload must be allowed for these users and the users must be chrooted on their home directory
Configure anonymous-only download [RHCE exam objective]

Go on Server system and open main ftp configuration file /etc/vsftpd/vsftpd.conf

vsftpd.conf is the main configuration file of FTP server and it contains lot of directives. Configuration of an anonymous-only
download is relatively simple. Default configuration of vsftpd.conf already supports anonymous-only download. But it also supports
access from local users. All you need to do is disable the directive which allows locally configured users to login with their accounts.

Comment following directives and save the file

Restart the vsftpd service

When a user connects on the FTP server with anonymous username, actually that user connects on the server as a user named ftp.
RHEL automatically create this account with following setting.

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

With these setting users are not allowed to login as the user named ftp. So they need to use anonymous as user name. So whenever
an anonymous user logged in, he is taken to ftp user's home directory /var/ftp. So if you want to change the default directory
associated with anonymous logins, change the home directory associated with the local user named ftp. Create a file on the root of
the ftp directory /var/ftp/pub. This file will be downloaded by anonymous user.

# dd if=/dev/null of=/var/ftp/pub/file bs=1024 count=1000

If you are running Linux without SELinux that's all setting which we need for this exercise. SELinux is listed in RHCE exam objective. So
if you have configured SELinux, also configure following boolean option.

# chcon -R -t public_content_t /var/ftp/pub/

In this exercise we are asked to configure anonymous download only. So we should be

Able to download anonymous


Fail to upload
Fail to login form other account except anonymous
Go on linuxclient system and login to the FTP server as anonymous user and download test_file

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 3/9
4/26/2021 How to configure FTP Server in Redhat Linux

Most commonly commands used on ftp prompt are


put To upload files on server
get To download files from server
mput To upload all files
mget To download all files
? To see all available command on ftp prompts
cd To change remote directory
lcd To change local directory.

Create a sample file

Login from anonymous again and try to upload

Try to login form normal user

Restrict anonymous user to ftp directory.

To test this login form anonymous user again

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 4/9
4/26/2021 How to configure FTP Server in Redhat Linux

Try to change parent directory

Configure FTP Server to all local users except user vikram to ftp in server

FTP non-anonymous server


In this exercise we will configure FTP server that allow local users logins to their home directories. Download/upload must be allowed
for these users. Go on server system and open /etc/vsftpd/vsftpd.conf file

Comment anonymous_login=YES, uncomment local_enable and save the file

open /etc/vsftpd/user_list file

Users listed on /etc/vsftpd/user_list are not allowed to login on FTP server. Add user vikarm in it. This file also have an entry for
root user that why root user is denied from FTP login. If you want to enable root user for ftp session just remove its entry from this file
[Enable root for FTP session is not recommended in any circumstances, change at your own risk].

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 5/9
4/26/2021 How to configure FTP Server in Redhat Linux

Configure SELinux to allow upload/download in user's home directory

Restart the vsftpd service

Login from normal user sanjay and create a example_file

Come back on linuxclient system and try to login from user vikram

Now try to login from user sanjay

upload/download file

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 6/9
4/26/2021 How to configure FTP Server in Redhat Linux

Login again from normal user and try to change parent directory

It allows you to navigate the / directory which serious security issue.

Configure FTP to chroot local users in their home directory

Go on server and open /etc/vsftpd/vsftpd.conf file

Uncomment following directive and save the file

chroot_local_user=YES

Restart the vsftpd restart

Come back on linux client system and login form sanjay and try again to change directory to /

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 7/9
4/26/2021 How to configure FTP Server in Redhat Linux

Now normal user will not be able to navigate outside the home directory.

Important directives of vsftpd.conf


anonymous_enable=YES

Enable anonymous login

local_enable=YES

Enable local users login with their regular password

chroot_local_user=YES

Users are restricted in their home directory

write_enable=YES

Enables write operations on FTP

local_umask=022

If write is enabled permissions will be based on the value of umask

#anon_upload_enable=YES

Enable anonymous user to upload file

#anon_mkdir_write_enable=YES

Allow anonymous users to create directories

ftpd_banner=Welcome to blah FTP service

Set FTP banner

pam_service_name=vsftpd

Configures Pluggable Authentication Modules (PAM) security for FTP

userlist_enable=YES

block users listed in /etc/vsftpd/user_list

tcp_wrappers=YES

Supports the use of security commands in /etc/hosts.allow and /etc/hosts.deny through tcpwrappers

SElinux boolean associated with vsftpd daemons


There are five SElinux boolean associated with vsftpd daemons
https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 8/9
4/26/2021 How to configure FTP Server in Redhat Linux

# setsebool allow_ftpd_full_access 1

vsftpd daemons will run on a SElinux context without any restriction

# setsebool allow_ftpd_anon_write 1

Supports the writing of files to directories configured with the public_content_rw_t SELinux setting

# setsebool allow_ftpd_use_cifs 1

Allows the use of files shared via CIFS on an FTP server

# setsebool allow_ftpd_use_nfs 1

Allows the use of files shared via NFS on an FTP server

# setsebool ftp_home_directory 1

Supports FTP read/write access to user home directories

# chcon -R -t public_content_t /var/ftp/pub/

Any directory that is going to be used on read FTP operations it must be labelled as public_content_rw_t

# chcon -R -t public_content_rw_t /var/pub/ftp

Any directory that is going to be used on read-write FTP operations it must be labelled as public_content_rw_t

By ComputerNetworkingNotes Updated on 2019-01-04 06:08:48 IST

Advertisements

ComputerNetworkingNotes RHCE 7 Study Guide How to configure FTP Server in Redhat Linux

Firewalld Basic concepts Explained with Examples How to Configure LUKS File Encryption in Linux
We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product
advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us
[email protected]

Computer Networking Notes and Study Guides © 2021. All Rights Reserved.
About Privacy Policy Terms and Conditions

https://www.computernetworkingnotes.com/rhce-study-guide/how-to-configure-ftp-server-in-redhat-linux.html 9/9

You might also like