An FTP server is used to exchange files between computers over a network. This guide shows how to set up an FTP server on CentOS 7. It covers the configuration steps for both FTP and SFTP, as well as user creation. Here I've used the vsftpd package, which is secure and less vulnerable.
1. FTP Server
2. SFTP Server
3. User creation
Set up FTP server on CentOS 7
Step 1 : Update your repository and install the vsftpd package.
[root@hackthesec ~]# yum check-update
[root@hackthesec ~]# yum -y install vsftpd
Step 2 : After installation you will find /etc/vsftpd/vsftpd.conf, which is the main configuration file for vsftpd.
Take a backup copy before making changes.
[root@hackthesec ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org
Now open the file and make the changes below.
[root@hackthesec ~]# nano /etc/vsftpd/vsftpd.conf
Find the line anonymous_enable=YES (line 12) and change the value to NO to disable anonymous FTP access.
anonymous_enable=NO
Uncomment the line below (line 100) to restrict users to their home directory.
chroot_local_user=YES
Then add the lines below at the end of the file to enable passive mode and allow a writable chroot.
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
Step 3 : Now restart the vsftpd service and make it start automatically after reboot.
[root@hackthesec ~]# systemctl restart vsftpd.service
[root@hackthesec ~]# systemctl enable vsftpd.service
Step 4 : Add the FTP service to the firewall to allow the FTP ports.
[root@hackthesec ~]# firewall-cmd --permanent --add-service=ftp
[root@hackthesec ~]# firewall-cmd --reload
Step 5 : Set up SELinux to allow FTP access to the users' home directories.
[root@hackthesec ~]# setsebool -P ftp_home_dir on
Step 6 : Now create a user for FTP access. Here the /sbin/nologin shell is used to prevent shell access to the server.
[root@hackthesec ~]# useradd -m dave -s /sbin/nologin
[root@hackthesec ~]# passwd dave
Now user dave is able to log in to FTP on port 21.
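To confirm that the edits from Step 2 are what vsftpd will actually read, the following added example (not part of the original guide) audits a vsftpd.conf for the settings changed there. The function names conf_get and audit_vsftpd_conf and the sample file are constructed for illustration; a key that is missing or commented out is evaluated with vsftpd's built-in default.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings from Step 2.
# A key that is absent or commented out falls back to vsftpd's built-in
# default (anonymous_enable=YES, chroot_local_user=NO, pasv ports 0 = any).

# conf_get FILE KEY DEFAULT: effective value; the last uncommented line wins.
conf_get() {
    val=$(awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k { sub(/^[^=]*=/, ""); sub(/[ \t\r]+$/, ""); v = $0; found = 1 }
        END { if (found) print v }' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# audit_vsftpd_conf FILE: prints findings, returns the number of failed checks.
audit_vsftpd_conf() {
    f=$1; fails=0
    anon=$(conf_get "$f" anonymous_enable YES | tr '[:lower:]' '[:upper:]')
    jail=$(conf_get "$f" chroot_local_user NO | tr '[:lower:]' '[:upper:]')
    pmin=$(conf_get "$f" pasv_min_port 0)
    pmax=$(conf_get "$f" pasv_max_port 0)
    [ "$anon" = "NO" ] || { echo "FAIL anonymous_enable=$anon"; fails=$((fails + 1)); }
    [ "$jail" = "YES" ] || { echo "FAIL chroot_local_user=$jail"; fails=$((fails + 1)); }
    if [ "$pmin" -gt 0 ] 2>/dev/null && [ "$pmax" -ge "$pmin" ] 2>/dev/null; then
        echo "OK   passive ports pinned to $pmin-$pmax"
    else
        echo "FAIL passive port range not pinned ($pmin-$pmax)"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample resembling a stock file before the edits in Step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#chroot_local_user=YES
pasv_enable=Yes
EOF
audit_vsftpd_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Note that commenting out anonymous_enable does not disable anonymous login, because the built-in default is YES; the value has to be set to NO explicitly.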
SFTP server
SFTP (Secure File Transfer Protocol) is used to encrypt connections between clients and the FTP server. It is highly recommended to use SFTP because data is transferred over an encrypted connection using an SSH tunnel on port 22.
We need the openssh-server package to enable SFTP.
Install the openssh-server package if it's not already installed.
[root@hackthesec ~]# yum -y install openssh-server
Step 7 : Create a separate group for FTP access.
[root@hackthesec ~]# groupadd ftpaccess
Step 8 : Now open the /etc/ssh/sshd_config file and make the changes below.
Find and comment out the line below (line 147).
#Subsystem sftp /usr/libexec/openssh/sftp-server
Then add these lines below it.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 9 : Now restart the sshd service.
[root@hackthesec ~]# systemctl restart sshd
Now your SFTP server is configured and ready.
User creation
Step 10 : Create the user jack with the /sbin/nologin shell and the ftpaccess group.
[root@hackthesec ~]# useradd -m jack -s /sbin/nologin -g ftpaccess
[root@hackthesec ~]# passwd jack
Now assign root ownership of the home directory for chroot access and modify its permissions.
[root@hackthesec ~]# chown root /home/jack
[root@hackthesec ~]# chmod 750 /home/jack
Create a directory www inside the home directory for writing and change its ownership.
[root@hackthesec ~]# mkdir /home/jack/www
[root@hackthesec ~]# chown jack:ftpaccess /home/jack/www
Now jack can use both the FTP and SFTP services. He can upload files to the www directory.
If you are going to use FTP and SFTP together on the same server, you should follow the steps above when creating users. For existing users, add them to ftpaccess and make the changes below.