VSFTPD Configuration – RedHat Enterprise 6.x

Last week, I had to research and learn about “VSFTPD” and implement an SFTP server for one of our customers.

I want to share the instructions and my experiences with that. Maybe it will help you in the future.

What is “VSFTPD”?

“VSFTPD” (very secure FTP daemon) is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
“VSFTPD” supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
“VSFTPD” is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.

What is the scenario?

We need to create a user for SFTP connections and restrict that user to their home directory.

The user can put files in the “Outgoing” directory for upload and in the “Incoming” directory for download.

Both directories are in “/home/the_user_folder/”. The user is restricted to the home directory and can’t create directories directly in it, but can create directories inside the “Incoming” and “Outgoing” directories.

Implementation

First Step, Installation

To set up the VSFTPD server, we need to install two packages:

  1. OpenSSL
  2. VSFTPD

You can install them with YUM or with RPM.

For example, with RPM:

rpm -i /media/RHEL-6.8\ Server.x86_64/Packages/openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
rpm -i /media/RHEL-6.8\ Server.x86_64/Packages/vsftpd-2.2.2-21.el6.x86_64.rpm

Don’t forget to mark the service as a startup service:

chkconfig vsftpd on

VSFTPD Configuration

As the first step of configuration, we configure the vsftpd.conf file. Back up the original file before editing it:

mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original

Then create a new file and add the lines below to it:

vi /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
pam_service_name=vsftpd
chroot_local_user=YES
write_enable=YES
local_umask=022
tcp_wrappers=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list_access
userlist_deny=NO

Create the user list file and add the user to it:

vi /etc/vsftpd/user_list_access

Then restart the vsftpd service to load the new configuration:

service vsftpd restart

User and Group Creation

We need a user and a group for our SFTP users, so create them by running the commands below:

groupadd sftpusers
useradd -g sftpusers sftpuser
passwd sftpuser

Log on to the system as sftpuser and create two folders in its home directory:

su - sftpuser
mkdir incoming
mkdir outgoing

Now exit, log on to the root account again, and change the owner of sftpuser’s home directory:

chown root:root /home/sftpuser
chmod 750 /home/sftpuser
OR
chmod 755 /home/sftpuser

Configuring SSH

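After creating the user and group, we need to make some changes to the SSH configuration file. SFTP is served by OpenSSH’s sshd rather than by vsftpd, so this is where the restriction for SFTP logins is set.

Edit the “/etc/ssh/sshd_config” file and find the line “Subsystem       sftp    /usr/libexec/openssh/sftp-server”.
Comment it out and insert the lines below into the file. Put the Match block at the end of the file, because directives that follow a Match line apply only to that match: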

Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Save the file and exit. Then restart the SSH service:

service sshd restart
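
The ownership and mode set on /home/sftpuser earlier decide whether “ChrootDirectory %h” works. The check below is an added example, not part of the original post: it applies the rule documented in sshd_config(5) for ChrootDirectory (every path component is a root-owned directory that no other user or group can write to) and then checks that the user can still enter the directory. The function names, the stat table and uid/gid 500 are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace

def audit_chroot(chroot, uid, gids, stat_fn=os.stat):
    """Return the reasons `chroot` would not work as a ChrootDirectory for uid."""
    problems = []
    path, components = "/", ["/"]
    for part in os.path.normpath(chroot).split("/"):
        if part:
            path = os.path.join(path, part)
            components.append(path)
    for comp in components:
        st = stat_fn(comp)
        mode = stat.S_IMODE(st.st_mode)
        # sshd_config(5): every component must be a root-owned directory
        # that is not writable by any other user or group.
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if mode & 0o022:
            problems.append(f"{comp}: mode {mode:o} is group/world writable")
    # st/mode now describe the chroot itself. The session runs as the user,
    # who needs r-x on it to list it and reach incoming/ and outgoing/.
    if uid == st.st_uid:
        bits = mode >> 6
    elif st.st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    if (bits & 0o5) != 0o5:
        problems.append(f"{comp}: uid {uid} cannot list or enter it (mode {mode:o})")
    return problems

def fake_fs(owner, group, mode):
    """Constructed stat table for /, /home, /home/sftpuser; touches no real files."""
    def entry(u, g, m):
        return SimpleNamespace(st_uid=u, st_gid=g, st_mode=stat.S_IFDIR | m)
    table = {"/": entry(0, 0, 0o555), "/home": entry(0, 0, 0o755),
             "/home/sftpuser": entry(owner, group, mode)}
    return table.__getitem__

if __name__ == "__main__":
    # uid/gid 500 for sftpuser/sftpusers is a constructed value.
    for owner, group, mode in [(500, 500, 0o700), (0, 0, 0o750), (0, 0, 0o755)]:
        found = audit_chroot("/home/sftpuser", 500, {500}, fake_fs(owner, group, mode))
        print(f"{owner}:{group} {mode:o} ->", found or "OK")
```

Run against the constructed table, the useradd default fails the ownership rule, root:root with 750 leaves sftpuser unable to enter the directory, and root:root with 755 passes both checks. On a real host, call audit_chroot with the user's actual uid and group ids and leave stat_fn at its default.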


Davoud Teimouri
