How to Setup vsFTPd on CentOS 7

FTP is a useful protocol for transferring files over the internet, this guide will show you how to set up vsFTPd (Very Secure File Transfer Protocol Daemon) on a CentOS 7 server.

To start with, we’ll need to provision a server. vsFTPd’s requirements are modest, you’ll want to select a plan that provides sufficient disk space and transfer capacity for your target use case. Make sure you select a location for your server that is geographically close to where you’ll be using it most. Select CentOS 7 as your operating system. It may take a couple of minutes to instantiate a new server.

Once it is up and running, use the root credentials on the overview page to SSH into your new server.

ssh root@192.0.2.0

After being prompted for your root password you’ll have a new root session. Before you install new software, it’s always a good idea to make sure your existing packages are up to date. CentOS uses yum to manage packages. Even on a brand new server, there may be a couple packages out of date.

yum upgrade -y

When the upgrade is complete, you’ll be ready to install vsFTPd itself.

yum install -y vsftpd

Before we start the FTP server there are some options that are critical to set in the configuration file.

vi /etc/vsftpd/vsftpd.conf

By default vsFTPd allows for anonymous FTP sessions. Unless you want anyone to be able to upload or download files from your server, it is recommend to set this option to “no”.

anonymous_enable=NO

Ensure that you are able to upload files to the FTP server.

write_enable=YES

These next changes ensure that when a user on your server logs in they are only able to upload files to their own home folder.

chroot_local_user=YES
chroot_list_enable=NO
allow_writeable_chroot=YES

Finally, we need to tell vsFTPd which passive ports to use. FTP servers typically take commands from clients on one port and then return data on another. Today, we’ll allocate 1000 ports, between 8000 and 9000.

pasv_min_port=8000
pasv_max_port=9000

Save the file and exit. We can now restart vsFTPd to make those changes take effect.

systemctl restart vsftpd

Finally we need to add firewall rules so that vsFTPd can talk to the outside world.

firewall-cmd --permanent --add-port=20-21/tcp
firewall-cmd --permanent --add-port=8000-9000/tcp
firewall-cmd --reload

Now, using the FTP client of your choice, login with your username and password and try uploading a file. You’ll be able to use ls to list files on your terminal session:

ls /home/<username>