07.06.2023

How to Configure FTP Access on CentOS 8

An FTP server is useful for managing websites and sharing files. In this tutorial, we will configure FTP access on CentOS 8 using vsftpd.

Cloud Servers from €4 / moIntel Xeon Gold 6254 3.1 GHz CPU, SLA 99,9%, 100 Mbps channel

Installing and configuring the FTP server

Let’s install the vsftpd package.

dnf install vsftpd

Now start the service.

systemctl start vsftpd

And add it to autorun.

systemctl enable vsftpd

Open the /etc/vsftpd/vsftpd.conf file.
Check these parameters to make sure they have the correct values. We currently prohibit anonymous login and allow it for local users. FTP recording is also allowed.

anonymous_enable=NO
local_enable=YES
write_enable=YES

Find and uncomment this line to restrict access to everything except the home directory.

chroot_local_user=YES

And add this line to the end of the file to grant access to change and write files via FTP.

allow_writeable_chroot=YES

Now save and close the file and open /etc/pam.d/vsftpd. Comment this line in it:

#auth required pam_shells.so

If you use firewalld add the FTP service to it.

firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload

Restart the FTP service.

systemctl restart vsftpd

Creating a user for FTP access

Create a new user and set the password for it.

useradd newftpuser
passwd newftpuser

To prevent it from logging in via ssh, change its shell.

usermod --shell /sbin/nologin newftpuser

Using SSL/TLS for secure FTP

You can use SSL/TLS to encrypt your connection. For this purpose, you can use Let's Encrypt or a self-signed SSL certificate.
In the the /etc/vsftpd/vsftpd.conf file add the paths to the keys and enable ssl_enable option.

rsa_cert_file=/etc/letsencrypt/live/domain_name/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/domain_name/privkey.pem
ssl_enable=YES

And restart the service.

systemctl restart vsftpd

Cloud Servers from €4 / moIntel Xeon Gold 6254 3.1 GHz CPU, SLA 99,9%, 100 Mbps channel