Few days ago we showed you how to install ProFTPD in CentOS 7. We also said that there were two primary FTP servers in the Linux community that are widely used with dedicated support base and resources.
ProFTPD which we showed you how to install is one and VSFTPD is another FTP server that is very popular in the Linux community. If you wish to install an FTP server in Linux, one of these two should be your main focus.
Well, now that you know how to install ProFTPD, here’s a brief tutorial on how to install VSFTPD in CentOS 7.
The two letters VS in VSFTPD stand for ‘very secure‘ which its developers promote as a program with strong protection against common FTP vulnerabilities. Well, here’s something everyone should understand about FTP servers. The FTP protocol is inherently insecure in its design.
If you must use an FTP server in a production environment, choose a setup that implements SSL/TLS connection or use SFTP which is a secure alternative to FTP.
Anyway, when you’re ready to install VSFTPD in CentOS 7, continue below and follow the steps.
- Installing VSFTPD in CentOS 7
To install the program in CentOS, run the commands below:
sudo yum -y install vsftpd
After installing the program, continue to its configuration file to enable some settings that will allow you to connect to the server. By default when the program is installed, it only allows anonymous access to your server. You should go and disable this access to improve your server security.
Anonymous access allows for unidentified users to anonymously distribute files but it also posses a serous security issue.
To edit VSFTPD configuration file, run the commands below.
sudo vi /etc/vsftpd/vsftpd.conf
To disable anonymous access, change the line highlighted below to No:
anonymous_enable = No
Next, change the line to allow local users on the system to access the FTP server. By default, only anonymous access are allowed. Local accounts that are created on the server will not be allowed until the line below is uncommented.
Change the line below to Yes to enable local account access.
Another security feature is to set the chroot_local_user directory to Yes. Enabling this feature will only allow local users access to their home directory and nowhere else.
User are jailed to their home folders and are denied access to other part of the server. It’s a great feature to enable. To enable it, uncomment the line that reads,
Finally, save the file and restart the server by running the commands below.
sudo systemctl restart vsftpd.service
To make sure that the FTP server is started automatically when your server boots up or rebooted, run the commands below
sudo systemctl enable vsftpd.service
If you which to connect to the FTP server remotely, you must enable FTP traffic through the firewall. To enable it, run the commands below.
sudo firewall-cmd --permanent --zone=public --add-service=ftp