vsftpd Configuration :
1) Install vsftpd using following command :
If it is Debian based (Ubuntu) Linux
$ sudo apt-get install vsftpd
If it is RPM based (CentOS, RHEL) Linux
$ sudo yum install vsftpd
2) Make three changes in vsftpd.conf
(Location of vsftpd.conf - /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf)
a)Uncomment line chroot_local_user=YES in vsftpd.conf
This attribute will make jail for user to not move to the parent directory.
b)Define attribute local_root in vsftpd.conf
local_root=/opt/lampp/htdocs
This is the path of the directory where user should be jailed. User can not go to the parent directory.In this example user will be logged in htdocs and can not reach to the parent directory of htdocs.
c)Allow users to upload file, set
local_enable=YES
write_enable_YES
Now user can log-in to the server by ftp using username and password.
host : IP of the server
username : user of the server except root
password : password of the user
3) To create user for ftp :
$ sudo adduser -c 'FTP USER ec2' -m ec2
Where ec2 is the username for ftp. To set password for this user :
$ sudo passwd ec2
4) FTP works on port 21. you can close the port or stop the service using
$ service vsftpd stop
and open the port or start the service using
$ service vsftpd start
5) If you are using CentOS/RHEL servers, Add following line in your iptables file
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
Path of iptables file :/etc/sysconfig/iptables
Save and close the file & Restart the iptables.
$ service iptables restart
6) To prevent anonymous log-in, Set anonymous_enable=NO
In vsftpd.conf, if anonymous_enable=YES, There is no need to put username & password. If you put only hostname and try to log-in, you can log-in.
For security purpose, make sure you have set this attribute NO.
7) By default root user can not log-in by ftp but log-in through sftp.
8) When you make any changes in the file vsftpd.conf, make sure you have restarted the vsftpd.