CentOS 7 – FTP server + Users Management + Folder Permissions

Last updated on May 26th, 2020 at 07:38 am

# Install the vsftpd FTP daemon from the distribution repositories.
yum -y install vsftpd

# Open the daemon's main configuration file for editing.
nano /etc/vsftpd/vsftpd.conf

Change the following directives:

# No anonymous logins; only local system accounts may authenticate.
anonymous_enable=NO
local_enable=YES
# Logged-in users may upload, rename and delete.
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
# With chroot_local_user=NO, the accounts named in chroot_list_file are the
# ones confined to their home directory; accounts not listed are not confined.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# NOTE(review): this switches off vsftpd's refusal to chroot into a directory
# the user can write to. A root-owned, non-writable home with a writable
# subdirectory for uploads avoids the need for it.
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# NOTE(review): there is no ssl_enable in this variant, so passwords and file
# contents cross the network unencrypted; the "With SSL" configurations
# further down this page add TLS.

Create Certificate without prompt

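# Self-signed certificate generated without prompts (-subj supplies the
# subject). Key and certificate go into one PEM file and -nodes leaves the key
# unencrypted, so file permissions are the key's only protection: everything is
# created under umask 077 and the file is then pinned to mode 600 (this also
# covers a pre-existing file with looser permissions).
# -days 7300 makes the certificate valid for roughly 20 years.
(
  umask 077
  mkdir -p /etc/cert/vsftpd &&
    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 \
      -subj "/C=IL/ST=SGLCORE/L=CyBeRSEC/O=Dis/CN=www.sglcore.com" \
      -keyout /etc/cert/vsftpd/vsftpd.pem -out /etc/cert/vsftpd/vsftpd.pem &&
    chmod 600 /etc/cert/vsftpd/vsftpd.pem
)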

Centos With SSL

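# Install vsftpd and prepare the files that the configuration written in the
# next step refers to. Run as root.
yum install vsftpd -y

# Keep one copy of the packaged configuration before it is replaced
# (-n: never overwrite an earlier backup when the steps are re-run).
cp -pn /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

# Start with an empty chroot/user list and an empty log file.
: > /etc/vsftpd/chroot_list
: > /var/log/vsftpd.log

# Self-signed certificate; openssl prompts for the subject fields. Key and
# certificate share one PEM file and -nodes leaves the key unencrypted, so the
# file is created under umask 077 and pinned to mode 600.
mkdir -p /etc/cert/vsftpd
(
  umask 077
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/cert/vsftpd/vsftpd.pem -out /etc/cert/vsftpd/vsftpd.pem
)
chmod 600 /etc/cert/vsftpd/vsftpd.pem

# Root-only log: with mode 777 any local account could rewrite or truncate
# the record of logins and transfers.
chmod 600 /var/log/vsftpd.log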


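# Write the TLS-enabled configuration. tee runs under sudo so the write itself
# is privileged; with "sudo cat > file" the redirection is performed by the
# calling shell, not by sudo. The quoted "EOF" keeps the body literal.
sudo tee /etc/vsftpd/vsftpd.conf > /dev/null << "EOF"
# Control port, active-mode data port and passive port range. The firewall
# has to allow listen_port and pasv_min_port-pasv_max_port.
listen_port=48821
ftp_data_port=48820
pasv_max_port=48890
pasv_min_port=48830
# Stated explicitly: this file replaces the packaged one, and a directive that
# is left out falls back to vsftpd's built-in default.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
#connect_from_port_20=YES
xferlog_std_format=YES
# Accounts listed in chroot_list_file are confined to their home directory.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# userlist_deny=NO turns the same file into an allow-list: only accounts
# named in it may log in.
userlist_enable=YES
userlist_file=/etc/vsftpd/chroot_list
userlist_deny=NO
rsa_cert_file=/etc/cert/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd/vsftpd.pem
ftpd_banner=Welcome to SGLCORE ftp server
ssl_enable=YES
allow_anon_ssl=NO
# Refuse logins and transfers that are not protected by TLS. With NO here a
# client may still send the password and the files in clear text even though
# ssl_enable is on.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# ssl_tlsv1 permits TLS 1.0. See vsftpd.conf(5) on your build for switches
# covering later protocol versions.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# NO skips the check that a data connection reuses the control connection's
# TLS session; set YES if every client in use supports session reuse.
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=YES
# Switches off vsftpd's refusal to chroot into a user-writable directory. A
# root-owned home with a writable subdirectory avoids the need for it.
allow_writeable_chroot=YES
setproctitle_enable=YES
listen=YES
listen_ipv6=NO
tcp_wrappers=YES
# Both log formats are written to the same file.
dual_log_enable=YES
xferlog_file=/var/log/vsftpd.log
vsftpd_log_file=/var/log/vsftpd.log
pam_service_name=vsftpd
EOF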

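# Start the daemon at boot, then (re)start it so the new configuration is
# loaded; restart also starts a service that is not running yet.
systemctl enable vsftpd
systemctl restart vsftpd
# Confirm the daemon accepted the configuration and stayed up.
systemctl is-active vsftpd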

 

Ubuntu With SSL

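# Install vsftpd and create the files that the configuration written in the
# next step refers to. Run as root.
sudo apt-get install vsftpd -y

# Allow-list / chroot list actually read by the configuration below:
# userlist_file and chroot_list_file both point at /etc/vsftpd.userlist.
: > /etc/vsftpd.userlist
# Kept for the "Add FTP users to Chroot list" step further down, which edits
# this path; the Ubuntu configuration itself does not read it.
mkdir -p /etc/vsftpd
: > /etc/vsftpd/chroot_list

# Self-signed certificate; openssl prompts for the subject fields. Key and
# certificate share one PEM file and -nodes leaves the key unencrypted, so the
# file is created under umask 077 and pinned to mode 600.
mkdir -p /etc/cert/vsftpd
(
  umask 077
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/cert/vsftpd/vsftpd.pem -out /etc/cert/vsftpd/vsftpd.pem
)
chmod 600 /etc/cert/vsftpd/vsftpd.pem

# Root-only log: with mode 777 any local account could rewrite or truncate
# the record of logins and transfers.
: > /var/log/vsftpd.log
chmod 600 /var/log/vsftpd.log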


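# Write the TLS-enabled configuration (run as root). The quoted "EOF" keeps
# the body literal.
cat > /etc/vsftpd.conf << "EOF"
# Control port, active-mode data port and passive port range. The firewall
# has to allow listen_port and pasv_min_port-pasv_max_port.
listen_port=48821
ftp_data_port=48820
pasv_max_port=48890
pasv_min_port=48830
# Stated explicitly: this file replaces the packaged one, and a directive that
# is left out falls back to vsftpd's built-in default.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
#connect_from_port_20=YES
xferlog_std_format=YES
# Accounts listed in chroot_list_file are confined to their home directory.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.userlist
# userlist_deny=NO turns the same file into an allow-list: only accounts
# named in it may log in.
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/cert/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
# Refuse logins and transfers that are not protected by TLS. With NO here a
# client may still send the password and the files in clear text even though
# ssl_enable is on.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# ssl_tlsv1 permits TLS 1.0. See vsftpd.conf(5) on your build for switches
# covering later protocol versions.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# NO skips the check that a data connection reuses the control connection's
# TLS session; set YES if every client in use supports session reuse.
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=YES
# Switches off vsftpd's refusal to chroot into a user-writable directory. A
# root-owned home with a writable subdirectory avoids the need for it.
allow_writeable_chroot=YES
setproctitle_enable=YES
listen=YES
listen_ipv6=NO
tcp_wrappers=YES
# Both log formats are written to the same file.
dual_log_enable=YES
xferlog_file=/var/log/vsftpd.log
vsftpd_log_file=/var/log/vsftpd.log
# NOTE(review): confirm that a PAM policy file with this name exists under
# /etc/pam.d; if it does not, authentication is governed by the system's
# fallback PAM policy instead of an FTP-specific one.
pam_service_name=ftp
EOF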

Add FTP users to Chroot list (must be created)

# One account name per line. In the CentOS "With SSL" configuration above this
# same file is also the userlist_file allow-list (userlist_deny=NO), so an
# account missing from it cannot log in at all.
nano /etc/vsftpd/chroot_list

# Restart the daemon and keep it enabled at boot.
systemctl restart vsftpd
systemctl enable vsftpd

Open Firewall

# Port 21 is the default FTP control port and matches the first (non-TLS)
# configuration on this page.
# NOTE(review): the "With SSL" configurations listen on 48821 and use
# 48830-48890 for passive data connections; for those the rules would be
#   firewall-cmd --permanent --add-port=48821/tcp
#   firewall-cmd --permanent --add-port=48830-48890/tcp
# and 21/tcp can stay closed.
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --reload

Create group www-root

# Shared group that the later steps use as group owner of the web site tree
# and of the FTP user's home directory.
groupadd www-root

Create user “ftpuser”

# Create the account that will log in over FTP.
useradd ftpuser
# passwd prompts interactively; the line after it stands for the password
# typed at that prompt and is not a shell command.
passwd ftpuser
provide_your_password

Add user websitecom to www-root

# -a -G appends www-root to ftpuser's supplementary groups without removing
# the groups the account already has.
usermod -a -G www-root ftpuser
# Hand group ownership of the whole site tree to www-root.
# NOTE(review): chgrp does not change permission bits; group members can only
# upload if the tree is also group-writable.
chgrp -R www-root /var/www/your_web_site.com

Change User Home Directory to Another one

# Two examples of the same operation: set the account's home directory
# ("user" is a placeholder for the account name). For accounts listed in
# chroot_list this directory becomes the root of their FTP session.
usermod -d /var/www/your_web_site.com user
usermod -d /new/ftpusr/folder user

Permission for ftpuser folder with website

# Make ftpuser the owner and www-root the group of everything under the home
# directory.
chown -R ftpuser:www-root /home/ftpuser
# Add the execute (search) bit so the directory can be entered.
chmod +x /home/ftpuser

Permission for ftpuser folder with website


!!!!!!!!! create file /etc/vsftpd/chroot_list and add ftp user to file !!!!!!!!!!!

!!!!!!!!!!!!run this command to enable ftp in SELinux!!!!!!!!!!!!!!

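# --on must be typed with two ASCII hyphens; a typographic dash is not parsed
# as an option and the command fails.
# NOTE(review): ftpd_full_access is the broadest FTP boolean: SELinux stops
# restricting which files the daemon may read and write, leaving only Unix
# permissions. `getsebool -a | grep ftpd` lists the narrower ftpd_* booleans
# available on the system.
semanage boolean -m ftpd_full_access --on

systemctl restart vsftpd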