Friday, June 1, 2012

Setting up vsftp Server

VS FTP (vsftpd) is the FTP server shipped with Red Hat and related distributions. A few things to note when setting it up:

It uses system accounts, so be careful about what each account has access to.

You may get a "Login Incorrect" error when trying to log in. In /var/log/messages, you may see an error message like "avc:  denied  { search } for". This is caused by SELinux settings. Run the command "/usr/sbin/setsebool -P ftp_home_dir 1" to fix this.

For security purposes, it's recommended to limit FTP access to specifically named users. The default setting does not do that. To do so, add "userlist_deny=NO" to vsftpd.conf, delete all names in user_list, and then re-populate the list with only the names that you allow FTP access to.

If there is a firewall, you need to open up ports 20 (FTP data) and 21 (FTP control), the standard FTP ports. In addition, for passive mode (which is recommended), you'll need to limit the port range VS FTP uses and then open up those specific ports in the firewall. To specify the port range used by VS FTP, add the following lines to vsftpd.conf (the port numbers are just examples):
  • pasv_min_port=15000
  • pasv_max_port=15005
Obviously, you'll need to add these to your firewall as well.
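
An added example, not from the original post: a small shell audit that checks a vsftpd.conf and user_list for the allow-list and passive-port settings described above. The function names, the sample files and the set of system account names are assumptions made for illustration; it also checks userlist_enable=YES, which vsftpd needs before it consults user_list at all, and it expects booleans written in YES/NO form.

```shell
#!/bin/sh
# Added example (not from the original post): audit vsftpd.conf and user_list.

conf_get() {  # $1 = config file, $2 = option; prints the last value assigned
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

audit_vsftpd() {  # $1 = vsftpd.conf, $2 = user_list; returns number of findings
    conf=$1; list=$2; findings=0
    [ "$(conf_get "$conf" userlist_enable)" = "YES" ] ||
        flag "userlist_enable is not YES, so user_list is not consulted"
    [ "$(conf_get "$conf" userlist_deny)" = "NO" ] ||
        flag "userlist_deny is not NO, so user_list is a deny list"

    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    case "$min:$max" in
        :*|*:|*[!0-9:]*) flag "pasv_min_port and pasv_max_port are not both set" ;;
        *) [ "$min" -le "$max" ] || flag "pasv_min_port exceeds pasv_max_port" ;;
    esac

    # Names left in user_list pass the user_list check once userlist_deny=NO,
    # so flag common system accounts (illustrative set, an assumption).
    while read -r name rest || [ -n "$name" ]; do
        case "$name" in
            root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news|uucp|operator|games|nobody)
                flag "system account '$name' is in the allow list" ;;
        esac
    done < "$list"
    return "$findings"
}

demo() {  # constructed sample: allow-list mode on, but root left in user_list
    d=$(mktemp -d)
    printf '%s\n' userlist_enable=YES userlist_deny=NO \
        pasv_min_port=15000 pasv_max_port=15005 > "$d/vsftpd.conf"
    printf '%s\n' '# allowed FTP users' root alice > "$d/user_list"
    rc=0; audit_vsftpd "$d/vsftpd.conf" "$d/user_list" || rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "demo: $? finding(s)"
```

On a Red Hat system the two files are normally found under /etc/vsftpd/; pass their paths to audit_vsftpd and treat a non-zero return as the number of settings to fix.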