An FTP server is used to exchange files between computers over a network. This guide helps you set up an FTP server on CentOS 7. It contains configuration steps for both FTP and SFTP as well as user creation. Here I've used the vsftpd package, which is secure and less vulnerable.

1. FTP Server
2. SFTP Server
3. User creation


Set up an FTP server on CentOS 7


Step 1: Update your repository metadata and install the vsftpd package.

[root@hackthesec ~]# yum check-update
[root@hackthesec ~]# yum -y install vsftpd

Step 2: After installation you will find /etc/vsftpd/vsftpd.conf, which is the main configuration file for vsftpd.
Take a backup copy before making changes.

[root@hackthesec ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

Now open the file and make the changes below.

[root@hackthesec ~]# nano /etc/vsftpd/vsftpd.conf

Find the line anonymous_enable=YES (line 12) and change the value to NO to disable anonymous FTP access.

anonymous_enable=NO

Uncomment the line below (line 100) to restrict users to their home directory.

chroot_local_user=YES

Then add the lines below at the end of the file to enable passive mode and allow a writable chroot.

allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100

Step 3: Now restart the vsftpd service and make it start automatically after reboot.

[root@hackthesec ~]# systemctl restart vsftpd.service
[root@hackthesec ~]# systemctl enable vsftpd.service

Step 4: Add the FTP service to the firewall to allow the FTP ports.

[root@hackthesec ~]# firewall-cmd --permanent --add-service=ftp
[root@hackthesec ~]# firewall-cmd --reload

Step 5: Set up SELinux to allow FTP access to the users' home directories.

[root@hackthesec ~]# setsebool -P ftp_home_dir on

Step 6: Now create a user for FTP access. Here the /sbin/nologin shell is used to prevent shell access to the server.

[root@hackthesec ~]# useradd -m dave -s /sbin/nologin
[root@hackthesec ~]# passwd dave

Now user dave is able to log in to FTP on port 21.

You can use the FileZilla or WinSCP client to access files.
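
The vsftpd.conf settings from Step 2 can be checked with a short script before relying on the server. The script below is an added example, not part of the original guide; its function names, its constructed sample files, and the rule that the last occurrence of an option takes effect are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a vsftpd.conf for the
# values set in Step 2. Function names and sample files are hypothetical.

# Print the effective value of option $1 in file $2. Assumption: when an
# option appears more than once, the last uncommented line takes effect.
vsftpd_get() {
    awk -F= -v k="$1" '
        /^[[:space:]]*#/ { next }
        $1 == k { v = substr($0, length(k) + 2) }
        END { print v }' "$2"
}

# Print one FAIL line per deviation; return 0 only if there are none. Unset
# options use vsftpd's documented defaults (YES, NO and port 0 respectively).
vsftpd_audit() {
    conf=$1; rc=0
    anon=$(vsftpd_get anonymous_enable "$conf" | tr 'a-z' 'A-Z')
    jail=$(vsftpd_get chroot_local_user "$conf" | tr 'a-z' 'A-Z')
    min=$(vsftpd_get pasv_min_port "$conf")
    max=$(vsftpd_get pasv_max_port "$conf")
    [ "${anon:-YES}" = NO ] || { echo "FAIL anonymous_enable=${anon:-YES}"; rc=1; }
    [ "${jail:-NO}" = YES ] || { echo "FAIL chroot_local_user=${jail:-NO}"; rc=1; }
    # A port value of 0 means "any port", so the passive range is not pinned.
    if [ "${min:-0}" -gt 0 ] 2>/dev/null && [ "${max:-0}" -ge "${min:-0}" ] 2>/dev/null
    then :; else echo "FAIL pasv range min=${min:-0} max=${max:-0}"; rc=1; fi
    # vsftpd treats whitespace on either side of '=' as a syntax error.
    if grep -Eq '^[A-Za-z_]+([[:space:]]+=|=[[:space:]])' "$conf"
    then echo "FAIL whitespace around '='"; rc=1; fi
    return $rc
}

# Constructed sample files: a stock-style config and the result of Step 2.
write_samples() {
    printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' \
        '#chroot_local_user=YES' > "$1/stock.conf"
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' \
        'chroot_local_user=YES' 'allow_writeable_chroot=YES' 'pasv_enable=YES' \
        'pasv_min_port=40000' 'pasv_max_port=40100' > "$1/guide.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "== stock.conf"; vsftpd_audit "$tmp/stock.conf" || true
echo "== guide.conf"; vsftpd_audit "$tmp/guide.conf" && echo "OK"
rm -rf "$tmp"
```

On a real host, call `vsftpd_audit /etc/vsftpd/vsftpd.conf` after editing and before the restart in Step 3.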

SFTP server


SFTP (Secure File Transfer Protocol) encrypts the connection between clients and the server. It is highly recommended to use SFTP because data is transferred over an encrypted connection using an SSH tunnel on port 22.
Basically we need the openssh-server package to enable SFTP.
Install the openssh-server package if it is not already installed.

[root@hackthesec ~]# yum -y install openssh-server

Step 7: Create a separate group for FTP access.

[root@hackthesec ~]# groupadd ftpaccess

Step 8: Now open the /etc/ssh/sshd_config file and make the changes below.
Find and comment out the line below (line 147).

#Subsystem sftp /usr/libexec/openssh/sftp-server

Then add these lines below it.

Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Step 9: Now restart the sshd service.

[root@hackthesec ~]# systemctl restart sshd

Now your SFTP server is configured and ready.

User creation

Step 10: Create user jack with the /sbin/nologin shell and the ftpaccess group.

[root@hackthesec ~]# useradd -m jack -s /sbin/nologin -g ftpaccess
[root@hackthesec ~]# passwd jack

Now assign root ownership of the home directory for chroot access and modify its permissions.

[root@hackthesec ~]# chown root /home/jack
[root@hackthesec ~]# chmod 750 /home/jack

Create a directory www inside the home directory for writing and modify its ownership.

[root@hackthesec ~]# mkdir /home/jack/www
[root@hackthesec ~]# chown jack:ftpaccess /home/jack/www

Now jack can use both the FTP and SFTP services. He can upload files to the www directory.
If you are going to use FTP and SFTP together on the same server, follow the steps above when creating users. For existing users, add them to ftpaccess and make the changes below.

[root@hackthesec ~]# usermod dave -g ftpaccess
[root@hackthesec ~]# chown root /home/dave
[root@hackthesec ~]# chmod 750 /home/dave
[root@hackthesec ~]# mkdir /home/dave/www
[root@hackthesec ~]# chown dave:ftpaccess /home/dave/www


About Author:


I am a Linux Administrator and Security Expert. With this site I can help lots of people with Linux knowledge, and as a security expert I am also interested in hacking-related news.
