March 21, 2008

Secure FTP Install & Config

The Setup:
Server: vsftpd on CentOS 5.0
Client: SmartFTP free edition from http://www.smartftp.com/
-- The site has a tutorial on how to use it in the left-hand column.

The Problem:
Needed an intra-office network storage system for various multimedia assets and files.
The Solution:
Download the server daemon:

$ yum -y install vsftpd

To start, stop, restart, and check the status of the vsftpd server, run these commands respectively:

/sbin/service vsftpd start
/sbin/service vsftpd stop
/sbin/service vsftpd restart

(restart will output FAILED if the server was not running before, but don't panic.)

/sbin/service vsftpd status

will tell you the status, as will:

$ netstat -a | grep ftp

Where you should see:

tcp 0 0 *:ftp *:* LISTEN

If you see nothing, then vsftpd is stopped.

Configure vsftpd to start at boot:

$ chkconfig vsftpd on

User Creation:
Users will share the same directory and will only have read-only access to it; adjust permissions or directories to suit your needs.

Since we are only using authenticated users, disable anonymous FTP in /etc/vsftpd/vsftpd.conf.
Comment out anonymous_enable or just set it to NO.

#Allow anonymous FTP? vsftpd's built-in default is YES, so state NO explicitly.
anonymous_enable=NO

and set

local_enable=YES

to enable individual logins (no spaces around the = sign; vsftpd treats them as an error).
Start your vsftpd server:

/sbin/service vsftpd start

Create an ftp group and the directory all ftp users will share:

$ groupadd ftpgroup
$ mkdir /home/ftpdocs

Make the directory accessible to the users that belong to the ftp group:

$ chmod 674 /home/ftpdocs
$ chown root:ftpgroup /home/ftpdocs

Create ftp user accounts:

$ useradd -g ftpgroup -d /home/ftpdocs ftpuser1

Follow up with:

$ passwd ftpuser1

Now this user should have the necessary permissions to upload/download files via ftp.

ftpuser1 is really nice, but I just don't trust him, a bumbling idiot really... and we just gave him access to my Linux box that also controls the lasers!

Clean this mess up!

In the vsftpd.conf file, set:

chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

And add the following to the /etc/vsftpd/chroot_list file:

ftpuser1

Edit /etc/shells file and add

/bin/true

to it.

Open the /etc/passwd file and change

ftpuser1:x:501:501::/home/ftpdocs:/bin/bash

to

ftpuser1:x:501:501::/home/ftpdocs/./:/bin/true

And change that dummy's shell by running the following command:

$ chsh ftpuser1

When prompted for a new shell, enter:

/bin/true
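
To check the result of the steps above, here is an added example (not part of the original post) that audits a vsftpd.conf and chroot list for the settings this walkthrough relies on. The function names effective and audit_vsftpd and the sample files are made up for this example; the fallback values are vsftpd's documented built-in defaults.

```shell
#!/bin/sh
# Added example: audit the vsftpd.conf settings this walkthrough relies on.

# Effective value of option $2 in file $1; $3 is vsftpd's built-in default,
# which applies when the option is absent or commented out.
effective() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# $1 = vsftpd.conf, $2 = chroot list file, $3 = account that must be jailed.
# Prints one finding per line and returns 1 if there is any finding.
audit_vsftpd() {
    rc=0
    # vsftpd treats whitespace around "=" as a configuration error.
    if grep -Eq '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$1"; then
        echo "SPACES: whitespace around '=' in an active option"; rc=1
    fi
    [ "$(effective "$1" anonymous_enable YES)" = NO ] ||
        { echo "ANON: anonymous_enable is not explicitly NO"; rc=1; }
    [ "$(effective "$1" local_enable NO)" = YES ] ||
        { echo "LOCAL: local_enable is not YES"; rc=1; }
    [ "$(effective "$1" chroot_list_enable NO)" = YES ] ||
        { echo "CHROOT: chroot_list_enable is not YES"; rc=1; }
    [ "$(effective "$1" chroot_list_file /etc/vsftpd.chroot_list)" = /etc/vsftpd/chroot_list ] ||
        { echo "LISTFILE: chroot_list_file does not point at /etc/vsftpd/chroot_list"; rc=1; }
    grep -qxF "$3" "$2" 2>/dev/null ||
        { echo "JAIL: $3 is not listed in $2"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' '#anonymous_enable = YES' 'local_enable = YES' \
    'chroot_list_enable=YES' > "$demo/weak.conf"
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'chroot_list_enable=YES' \
    'chroot_list_file=/etc/vsftpd/chroot_list' > "$demo/hardened.conf"
echo ftpuser1 > "$demo/chroot_list"

echo "== weak.conf ==";     audit_vsftpd "$demo/weak.conf" "$demo/chroot_list" ftpuser1 || true
echo "== hardened.conf =="; audit_vsftpd "$demo/hardened.conf" "$demo/chroot_list" ftpuser1 || true
```

On a real server, call audit_vsftpd with /etc/vsftpd/vsftpd.conf, /etc/vsftpd/chroot_list and the account name.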

The following sites might be worth visiting:
http://vsftpd.beasts.org/vsftpd_conf.html
http://www.brennan.id.au/14-FTP_Server.html

Tips:

  • As with many servers, restart your vsftpd server for any configuration changes to take effect.
  • Don't try this with CentOS 4.3. I tried this with CentOS 4.3 and it got pretty messed. Wipe the server and set up CentOS 5.0+
  • Use sudo as necessary, its use here is understood.

Special thanks to Willie Bens for the technicals.
