How to Configure FTP Access on CentOS 8 Using vsftpd
An FTP server is useful for managing websites and sharing files. In this tutorial, we will configure FTP access on CentOS 8 using vsftpd.
Installing and configuring the FTP server
Let’s install the vsftpd package.
dnf install vsftpdNow start the service.
systemctl start vsftpdAnd add it to autorun.
systemctl enable vsftpdOpen the /etc/vsftpd/vsftpd.conf file.
Check these parameters to make sure they have the correct values. We currently prohibit anonymous login and allow it for local users. FTP recording is also allowed.
anonymous_enable=NO
local_enable=YES
write_enable=YESFind and uncomment this line to restrict access to everything except the home directory.
chroot_local_user=YESAnd add this line to the end of the file to grant access to change and write files via FTP.
allow_writeable_chroot=YESNow save and close the file and open /etc/pam.d/vsftpd. Comment this line in it:
#auth required pam_shells.soIf you use firewalld add the FTP service to it.
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload Restart the FTP service.
systemctl restart vsftpdCreating a user for FTP access
Create a new user and set the password for it.
useradd newftpuser
passwd newftpuserTo prevent it from logging in via ssh, change its shell.
usermod --shell /sbin/nologin newftpuserUsing SSL/TLS for secure FTP
You can use SSL/TLS to encrypt your connection. For this purpose, you can use Let's Encrypt or a self-signed SSL certificate.
In the the /etc/vsftpd/vsftpd.conf file add the paths to the keys and enable ssl_enable option.
rsa_cert_file=/etc/letsencrypt/live/domain_name/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/domain_name/privkey.pem
ssl_enable=YESAnd restart the service.
systemctl restart vsftpd
700
300
700
300
700
300
700
300
