Creating a New FTP User with Configuration Of Vsftpd on CentOS
Enhancing Server Accessibility with New FTP Users on CentOS
In today's digital landscape, efficient data management and secure file sharing are paramount for businesses and individuals alike. One of the most versatile and widely used solutions for achieving these objectives is setting up FTP (File Transfer Protocol) servers. On CentOS, a popular Linux distribution, configuring a new FTP user can significantly enhance server accessibility, fostering seamless collaboration and data exchange.
By creating a new FTP user, CentOS administrators empower themselves with a powerful tool for managing file transfers securely and efficiently. Whether it's uploading website content, sharing documents within a team, or exchanging files with clients, having dedicated FTP accounts ensures streamlined access control and improved data security.
This comprehensive guide will walk you through the process of setting up a new FTP user on your CentOS server, from installing and configuring the vsftpd service to creating and customizing user accounts. Additionally, it will provide valuable insights into optimizing security measures, such as firewall configuration and TLS encryption, to safeguard your server and data against potential threats.
With clear instructions and practical recommendations, this guide aims to empower CentOS users with the knowledge and tools necessary to leverage FTP technology effectively, enabling seamless file transfer operations while maintaining the highest standards of security and accessibility.
Recently I installed and configured CentOS 8 on an Amazon EC2 instance (t4g.large) and deployed a Laravel 8 project with Vue. The requirement was to create a new FTP user that is allowed access only to the /var/www/html folder, secured with SSL/TLS. You also need to allow the inbound ports on your running AWS EC2 instance, and I will show how to generate an SSL/TLS certificate and configure it for the FTP user. Open PuTTY and log in to your AWS EC2 instance: the login name is centos, and you authenticate with the .pem key file you obtained when you created the instance.
1. Installing Vsftpd FTP Service on CentOS 8
sudo yum update // refresh the package index and apply updates, then run the command below
sudo yum install vsftpd
Once the package is installed, run the commands below to start the service now and to have it start with the system at boot.
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
Run the below command to verify the status of vsftpd.
sudo systemctl status vsftpd
2. Create A New FTP User
We will now create a new FTP user; replace ftpuser with a name of your choice.
sudo adduser ftpuser // creates the user
sudo passwd ftpuser // prompts for a password: choose a strong one, type it in the console, then confirm it
Add the new user to the user list: open the file below and append the name you just created (ftpuser) on its own line at the bottom, after the existing entries. Do not put any space before or after the name.
sudo nano /etc/vsftpd/user_list
If you do not run the command below, the FTP user will be able to read the files but not edit or delete them, because of the permissions on /var/www/html. The following command makes the FTP user the owner of that directory tree.
sudo chown -R ftpuser:ftpuser /var/www/html
Do not allow ftpuser to log in via SSH; change its shell to nologin:
sudo usermod --shell /sbin/nologin ftpuser
3. Configuration Of SSL / TLS
We will create a self-signed certificate. When you execute the command below it asks for some information (name, organization, and so on); if you are unsure what to enter, the profile of the currently logged-in user can serve as a reference. Once you have filled in all the details, the certificate and key files are written to the /etc/vsftpd/ directory.
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.key -out /etc/vsftpd/vsftpd.pem
4. Configuration Of Vsftpd
First take a backup of vsftpd.conf. It is always a good idea to back up a configuration file before editing it, so that in case of a mistake you can easily revert to the original state.
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.backup
Open the file with the command below. We have to add some new parameters and also modify some existing parameters in vsftpd.conf.
sudo nano /etc/vsftpd/vsftpd.conf
Modify the following existing parameters (search for each one in the file):
#existing
local_enable=YES
write_enable=YES
chroot_local_user=YES
listen=YES
listen_ipv6=NO // listen and listen_ipv6 are mutually exclusive; the CentOS default file sets listen_ipv6=YES, so turn it off when listen=YES
Add the following new parameters at the bottom of the file:
#new
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=xx.xxx.xxx.xxx // the public IP address of your Amazon EC2 instance
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
allow_writeable_chroot=YES
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.key
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
debug_ssl=YES
Restart vsftpd so that the configuration change takes effect. Then open the FileZilla FTP client, enter the host (the public IP of the EC2 instance), the FTP user name and the password, and connect.
NOTE: Complete step 5 first, then try to connect with the FileZilla FTP client.
sudo systemctl restart vsftpd
OR
sudo service vsftpd restart
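The edits in steps 4 and 5 are easy to get subtly wrong (a key left commented out, a duplicate line, listen and listen_ipv6 both on, a passive range that does not match the firewall rules). As an added example that is not part of the original article, the POSIX shell script below applies the same settings idempotently and sanity-checks the result before you restart the service. It assumes a config file path and a public IP that you pass as arguments (203.0.113.10 and the temporary file in the usage comments are placeholders); on the server you would run it as root against /etc/vsftpd/vsftpd.conf. It adds two settings the article does not mention: listen_ipv6=NO, because vsftpd refuses to run with both listen and listen_ipv6 set to YES and CentOS ships with listen_ipv6=YES, and an explicit anonymous_enable=NO, because vsftpd's compiled-in default for that option is YES.

```shell
#!/bin/sh
# Added example (not the article's own code): apply the vsftpd.conf changes
# from steps 4 and 5 without creating duplicate keys, then check the result.

# set_option FILE KEY VALUE
# Replaces an existing "KEY=..." line (commented out or not) or appends one,
# so running the script twice never leaves two definitions of the same key.
set_option() {
    file=$1; key=$2; value=$3
    if grep -q "^#*${key}=" "$file"; then
        sed -i "s|^#*${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_option FILE KEY: prints the value of the last active "KEY=..." line.
get_option() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# configure_vsftpd FILE PUBLIC_IP: backup, then set every option the article uses.
configure_vsftpd() {
    conf=$1; public_ip=$2
    cp "$conf" "$conf.backup"
    for kv in anonymous_enable=NO local_enable=YES write_enable=YES \
              chroot_local_user=YES listen=YES listen_ipv6=NO \
              allow_writeable_chroot=YES userlist_enable=YES userlist_deny=NO \
              userlist_file=/etc/vsftpd/user_list \
              pasv_enable=YES pasv_min_port=1024 pasv_max_port=1048 \
              "pasv_address=$public_ip" \
              ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
              force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO \
              require_ssl_reuse=NO ssl_ciphers=HIGH debug_ssl=YES \
              rsa_cert_file=/etc/vsftpd/vsftpd.pem \
              rsa_private_key_file=/etc/vsftpd/vsftpd.key
    do
        set_option "$conf" "${kv%%=*}" "${kv#*=}"
    done
}

# check_vsftpd_conf FILE: returns 0 if the file matches the intended design
# (TLS forced, anonymous off, legacy SSL off, chroot on, one listener, a sane
# passive range); otherwise prints each problem and returns 1.
check_vsftpd_conf() {
    conf=$1; rc=0
    for want in ssl_enable=YES force_local_logins_ssl=YES force_local_data_ssl=YES \
                ssl_sslv2=NO ssl_sslv3=NO anonymous_enable=NO chroot_local_user=YES
    do
        key=${want%%=*}; exp=${want#*=}
        got=$(get_option "$conf" "$key")
        [ "$got" = "$exp" ] || { echo "check: $key=$got (expected $exp)"; rc=1; }
    done
    if [ "$(get_option "$conf" listen)" = YES ] && \
       [ "$(get_option "$conf" listen_ipv6)" = YES ]; then
        echo "check: listen and listen_ipv6 are mutually exclusive"; rc=1
    fi
    lo=$(get_option "$conf" pasv_min_port); hi=$(get_option "$conf" pasv_max_port)
    if [ -z "$lo" ] || [ -z "$hi" ] || [ "$lo" -gt "$hi" ]; then
        echo "check: passive port range $lo-$hi is invalid"; rc=1
    fi
    return $rc
}

# Usage on the server (as root); the IP below is a placeholder:
#   . ./vsftpd-conf.sh
#   configure_vsftpd /etc/vsftpd/vsftpd.conf 203.0.113.10
#   chmod 600 /etc/vsftpd/vsftpd.key
#   check_vsftpd_conf /etc/vsftpd/vsftpd.conf && systemctl restart vsftpd
# The security group must then allow TCP 21 and TCP 1024-1048 inbound.
```

The check deliberately fails closed: if any expected key is missing, get_option prints nothing and the comparison reports it, so a typo in a key name is caught before the restart rather than discovered when a client connects in clear text.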
5. Configuration Of Ports Added In Vsftpd.conf
Now go to the AWS web console. In the list of running instances, scroll to the right and you will see the security group associated with each instance. Click on the security group to open its details, find the inbound rules and click edit. Here we have to add inbound rules for the ports used in vsftpd.conf: the FTP control port 21 and the passive port range 1024-1048 (TCP).
6. Test the FTP connection
You can now connect to your FTP server using an FTP client like FileZilla. Use the FTP user credentials you created to log in.
Note:
- Ensure that firewall rules are configured to allow FTP traffic (port 21 by default).
- Consider enabling TLS encryption for FTP connections to enhance security. This requires additional configuration in vsftpd.
- Regularly monitor FTP access logs for any suspicious activity.
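The last note says to monitor the access logs but does not say what to look for. As an added example that is not part of the original article, the shell script below scans vsftpd's own log format (lines of the form `[pid N] [user] FAIL LOGIN: Client "ip"`, written to /var/log/vsftpd.log when xferlog_std_format=NO or dual_log_enable=YES) for two patterns a defender cares about: clients accumulating failed logins, and a client that logs in successfully after a run of failures, which is what a guessed password looks like. The log lines embedded in the script are constructed sample data with documentation-range addresses, not real log output, and the threshold values are assumptions you tune to your own traffic.

```shell
#!/bin/sh
# Added example (not the article's own code): simple detections over vsftpd.log.

# Constructed sample log lines in vsftpd's native format (not real captures).
SAMPLE_LOG='Tue Sep  7 10:15:01 2021 [pid 2] CONNECT: Client "203.0.113.5"
Tue Sep  7 10:15:03 2021 [pid 1] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Tue Sep  7 10:15:05 2021 [pid 1] [ftpuser] FAIL LOGIN: Client "203.0.113.5"
Tue Sep  7 10:15:07 2021 [pid 1] [admin] FAIL LOGIN: Client "203.0.113.5"
Tue Sep  7 10:15:09 2021 [pid 1] [ftpuser] OK LOGIN: Client "203.0.113.5"
Tue Sep  7 10:16:00 2021 [pid 1] [ftpuser] FAIL LOGIN: Client "198.51.100.7"
Tue Sep  7 10:16:30 2021 [pid 1] [ftpuser] OK LOGIN: Client "198.51.100.7"
Tue Sep  7 10:17:00 2021 [pid 1] [ftpuser] OK LOGIN: Client "192.0.2.9"'

# failed_logins_by_client MIN   (log lines on stdin)
# Prints "COUNT CLIENT" for every client with at least MIN failed logins,
# highest count first. The client address is the quoted token after "Client";
# with listen_ipv6 it would appear as ::ffff:a.b.c.d, which the pattern also accepts.
failed_logins_by_client() {
    awk -v min="$1" '
        /FAIL LOGIN: Client/ {
            if (match($0, /Client "[^"]+"/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)   # strip Client " and the closing quote
                fails[ip]++
            }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' | sort -rn
}

# success_after_failures MIN   (log lines on stdin)
# Prints "CLIENT USER FAILS" when a client that already has at least MIN failed
# logins then logs in successfully; the account named is the one to review.
success_after_failures() {
    awk -v min="$1" '
        function client(line) {
            if (!match(line, /Client "[^"]+"/)) return ""
            return substr(line, RSTART + 8, RLENGTH - 9)
        }
        function user(line,    u) {
            if (!match(line, /\] \[[A-Za-z0-9._-]+\] (OK|FAIL) LOGIN:/)) return ""
            u = substr(line, RSTART + 3); sub(/\].*/, "", u); return u
        }
        /FAIL LOGIN: Client/ { fails[client($0)]++ }
        /OK LOGIN: Client/ {
            ip = client($0)
            if (fails[ip] >= min) print ip, user($0), fails[ip]
        }
    '
}

# Demo on the constructed sample; on a server run e.g.
#   failed_logins_by_client 10 < /var/log/vsftpd.log
#   success_after_failures 5 < /var/log/vsftpd.log
if [ "${1:-}" = demo ]; then
    echo "clients with >= 2 failed logins:"
    printf '%s\n' "$SAMPLE_LOG" | failed_logins_by_client 2
    echo "successful login after >= 2 failures:"
    printf '%s\n' "$SAMPLE_LOG" | success_after_failures 2
fi
```

Both functions read the log from standard input, so they work equally on the live file, on a rotated copy, or on `journalctl` output piped in, and they can be dropped into a cron job that mails anything above the threshold.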