How to Configure FTP Access on CentOS 8
An FTP server is useful for managing websites and sharing files. In this tutorial, we will configure FTP access on CentOS 8 using vsftpd.
Installing and configuring the FTP server
Let’s install the vsftpd package.
dnf install vsftpd
Now start the service.
systemctl start vsftpd
And add it to autorun.
systemctl enable vsftpd
Open the /etc/vsftpd/vsftpd.conf file.
Check these parameters to make sure they have the correct values. We currently prohibit anonymous login and allow it for local users. FTP recording is also allowed.
anonymous_enable=NO
local_enable=YES
write_enable=YES
Find and uncomment this line to restrict access to everything except the home directory.
chroot_local_user=YES
And add this line to the end of the file to grant access to change and write files via FTP.
allow_writeable_chroot=YES
Now save and close the file and open /etc/pam.d/vsftpd. Comment this line in it:
#auth required pam_shells.so
If you use firewalld add the FTP service to it.
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload
Restart the FTP service.
systemctl restart vsftpd
Creating a user for FTP access
Create a new user and set the password for it.
useradd newftpuser
passwd newftpuser
To prevent it from logging in via ssh, change its shell.
usermod --shell /sbin/nologin newftpuser
Using SSL/TLS for secure FTP
You can use SSL/TLS to encrypt your connection. For this purpose, you can use Let's Encrypt or a self-signed SSL certificate.
In the the /etc/vsftpd/vsftpd.conf file add the paths to the keys and enable ssl_enable option.
rsa_cert_file=/etc/letsencrypt/live/domain_name/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/domain_name/privkey.pem
ssl_enable=YES
And restart the service.
systemctl restart vsftpd