{"id":4929,"date":"2015-07-18T12:18:31","date_gmt":"2015-07-18T04:18:31","guid":{"rendered":"http:\/\/rmohan.com\/?p=4929"},"modified":"2015-07-18T13:26:04","modified_gmt":"2015-07-18T05:26:04","slug":"vsftp-on-centos6-6","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=4929","title":{"rendered":"vsftp on CentOS6.6"},"content":{"rendered":"

CentOS6.6<\/p>\n

2?vsftpd-2.2.2<\/p>\n

Second, the installation<\/p>\n

$ yum install -y vsftpd<\/p>\n

[root@oracledbserver mohan]# yum install vsftpd
\nLoaded plugins: fastestmirror, refresh-packagekit, security
\nSetting up Install Process
\nLoading mirror speeds from cached hostfile
\n * base: mirror.vodien.com
\n * extras: mirror.vodien.com
\n * updates: mirror.vastspace.net
\nbase | 3.7 kB 00:00
\nextras | 3.4 kB 00:00
\nupdates | 3.4 kB 00:00
\nResolving Dependencies
\n–> Running transaction check
\n—> Package vsftpd.x86_64 0:2.2.2-13.el6_6.1 will be installed
\n–> Finished Dependency Resolution<\/p>\n

Dependencies Resolved<\/p>\n

============================================================================================================================================================================================================
\n Package Arch Version Repository Size
\n============================================================================================================================================================================================================
\nInstalling:
\n vsftpd x86_64 2.2.2-13.el6_6.1 updates 151 k<\/p>\n

Transaction Summary
\n============================================================================================================================================================================================================
\nInstall 1 Package(s)<\/p>\n

Total download size: 151 k
\nInstalled size: 332 k
\nIs this ok [y\/N]: y
\nDownloading Packages:
\nvsftpd-2.2.2-13.el6_6.1.x86_64.rpm | 151 kB 00:00
\nRunning rpm_check_debug
\nRunning Transaction Test
\nTransaction Test Succeeded
\nRunning Transaction
\n Installing : vsftpd-2.2.2-13.el6_6.1.x86_64 1\/1
\n Verifying : vsftpd-2.2.2-13.el6_6.1.x86_64 1\/1<\/p>\n

Installed:
\n vsftpd.x86_64 0:2.2.2-13.el6_6.1<\/p>\n

Complete!<\/p>\n

Third, the configuration<\/p>\n

$ vi \/etc\/vsftpd\/vsftpd.conf<\/p>\n

isten_address=192.168.1.61
\nlisten_port=21 # specified listening port
\nanonymous_enable=NO
\nlocal_enable=YES
\nwrite_enable=YES
\nlocal_umask=022 # local user to upload a file mask
\ndirmessage_enable=YES
\nxferlog_enable=YES
\nconnect_from_port_20=YES
\nxferlog_file=\/var\/log\/xferlog
\nxferlog_std_format=YES
\nftpd_banner=Welcome to Mohan FTP service.
\nchroot_local_user=YES
\nchroot_list_enable=YES
\nchroot_list_file=\/etc\/vsftpd\/chroot_list
\nlisten=YES
\npam_service_name=vsftpd
\nuserlist_enable=YES
\nuserlist_deny=YES
\ntcp_wrappers=YES
\nuserlist_file=\/etc\/vsftpd\/user_list
\npasv_enable=YES
\npasv_min_port=65400
\npasv_max_port=65410<\/p>\n

listen_address=192.168.1.61 # specified listen address
\nlisten_port=21 # specified listening port
\nanonymous_enable=NO # does not allow anonymous access
\nlocal_enable=YES # allow local users
\nwrite_enable=YES # allowed to upload
\nlocal_umask=022 # local user to upload a file mask
\ndirmessage_enable=YES #
\nxferlog_enable=YES # Enable the log
\nconnect_from_port_20=YES # 20-port connection using ftp
\nxferlog_file=\/var\/log\/xferlog # specified log file location
\nxferlog_std_format=YES # specify the log format to standard output
\nchroot_local_user=YES # Allow Directory Jump
\nchroot_list_enable=YES # allow the user to specify the file directory permissions Jump
\nchroot_list_file=\/etc\/vsftpd\/chroot_list # in the file specifies the user can jump
\nlisten=YES # allows you to specify the listener
\npam_service_name=vsftpd # define pam module file name (The module may not be used, has been userlist substitute)
\nuserlist_enable=YES # allowed to file in the user login
\nuserlist_deny=NO # specified file in addition to the user can log in, the other not and will not allow
\nuserlist_file=\/etc\/vsftpd\/user_list # In this configuration file to specify which users can log on
\ntcp_wrappers=YES # allows the firewall to allow and block specific ip
\npasv_enable=YES # run in passive mode
\npasv_min_port=65400 # assign the starting port
\npasv_max_port=65410 # distribution end port<\/p>\n

Fourth, run
\n$ chkconfig vsftpd on
\n$ chkconfig –list vsftpd
\nvsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
\n$ \/etc\/init.d\/vsftpd start
\n \/etc\/init.d\/vsftpd Start
\n$ setenforce 0 or echo “SELINUX=disabled”> \/etc\/selinux\/config (restart to take effect)<\/p>\n

# Develop a data port 21 and port 20 will automatically open<\/p>\n

$ iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT<\/p>\n

Port # open passive mode
\n$ iptables -A INPUT -m state –state NEW -p tcp –dport 65400:65410 -j ACCEPT
\n$ useradd mohan -s \/sbin\/nologin
\n$ echo “mohan”|passwd mohan123 –stdin <\/p>\n

Fifth, check<\/p>\n

Six customers to upload test<\/p>\n

# Install the client
\n$ Yum install -y ftp<\/p>\n

Configuring FTP server and Restricting their access<\/p>\n

Configuration FTP server: <\/p>\n

VSFTPD is responsible for the FTP service.<\/p>\n

open: \/etc\/vsftpd\/vsftpd.conf<\/p>\n

Change Configuration File: vsftpd.conf<\/p>\n

###Allow anonymous FTP? (Beware \u2013 allowed by default if you comment this out).<\/p>\n

#Restrict Annonomous Users to be logged in<\/p>\n

anonymous_enable=NO<\/p>\n

### Restrict the ftp users to their home directories<\/p>\n

chroot_local_user=YES<\/p>\n

~~Save & Close<\/p>\n

# If userlist_deny=NO, only allow users in this file
\n # If userlist_deny=YES (default), never allow users in this file<\/p>\n

#### Restrict specific users to use ftp. <\/p>\n

open: vi user_list <\/p>\n

# If userlist_deny=NO, only allow users in this file
\n # If userlist_deny=YES (default), never allow users in this file, and
\n # do not even prompt for a password.
\n # Note that the default vsftpd pam config also checks \/etc\/vsftpd\/ftpusers
\n # for users that are denied.
\n # Users that are not allowed to login via ftp<\/p>\n

add user names not allowed to use ftp access<\/p>\n

Open: \/etc\/vsftpd\/ftpusers<\/p>\n

By adding the name of the users we can restrict or, allow any user to use ftp <\/p>\n

~~Save & Close<\/p>\n

#####Creating a group to give access ftp access & Creating Home Directories to be restricted: <\/p>\n

# creating groups:<\/p>\n

groupadd ftp-usrs<\/p>\n

# creating a home directories:<\/p>\n

Creating An FTP server: <\/p>\n

###VSFTPD is responsible for the FTP service.<\/p>\n

open: \/etc\/vsftpd\/vsftpd.conf<\/p>\n

Change Configuration File: vsftpd.conf<\/p>\n

### Allow anonymous FTP? (Beware \u2013 allowed by default if you comment this out).<\/p>\n

#Restrict Annonomous Users to be logged in<\/p>\n

anonymous_enable=NO<\/p>\n

### Restrict the ftp users to their home directories<\/p>\n

chroot_local_user=YES<\/p>\n

~~Save & Close<\/p>\n

# If userlist_deny=NO, only allow users in this file
\n # If userlist_deny=YES (default), never allow users in this file<\/p>\n

### Restrict specific users to use ftp. <\/p>\n

open: vi user_list <\/p>\n

# If userlist_deny=NO, only allow users in this file
\n # If userlist_deny=YES (default), never allow users in this file, and
\n # do not even prompt for a password.
\n # Note that the default vsftpd pam config also checks \/etc\/vsftpd\/ftpusers
\n # for users that are denied.
\n # Users that are not allowed to login via ftp<\/p>\n

add user names not allowed to use ftp access<\/p>\n

Open: \/etc\/vsftpd\/ftpusers<\/p>\n

By adding the name of the users we can restrict or, allow any user to use ftp <\/p>\n

~~Save & Close<\/p>\n

#####Creating a group to give access ftp access & Creating Home Directories to be restricted: <\/p>\n

# creating groups:<\/p>\n

groupadd ftp-usrs<\/p>\n

# creating a home directories:
\n mkdir \/home\/ftp-docs
\n man chmod
\n chmod 750 \/home\/ftp-docs
\n chown root:ftp-usrs \/home\/ftp-docs<\/p>\n

# creating users to be entered in the specific group: <\/p>\n

usradd -g ftp-usrs -d \/home\/ftp-docs f1
\n passwd f1<\/p>\n

##### Restricting sftp service to limited groups: <\/p>\n

open: \/etc\/ssh\/sshd_config<\/p>\n

#### Deny groups or, users who cant not use the sftp protocols<\/p>\n

#write: <\/p>\n

DenyUsers alice f1
\n DenyGroups ftp-usrs<\/p>\n

#Allowing groups or, users access<\/p>\n

write: <\/p>\n

AllowUsers alice f1
\n AllowGroups ftp-usrs<\/p>\n

~~Save & Close<\/p>\n

@@@@@@<\/p>\n

Restart ftp & stfp service<\/p>\n

service vsftpd restart<\/p>\n

\/etc\/init.d\/sshd restart<\/p>\n

!!!!!!!!<\/p>\n

Access the file by restricted ftp & sftp service<\/p>\n

mkdir \/home\/ftp-docs
\n man chmod
\n chmod 750 \/home\/ftp-docs
\n chown root:ftp-usrs \/home\/ftp-docs<\/p>\n

# creating users to be entered in the specific group: <\/p>\n

usradd -g ftp-usrs -d \/home\/ftp-docs f1
\n passwd f1<\/p>\n

##### Restricting sftp service to limited groups: <\/p>\n

open: \/etc\/ssh\/sshd_config<\/p>\n

#### Deny groups or, users who cant not use the sftp protocols<\/p>\n

#write: <\/p>\n

DenyUsers alice f1
\n DenyGroups ftp-usrs<\/p>\n

#Allowing groups or, users access<\/p>\n

write: <\/p>\n

AllowUsers alice f1
\n AllowGroups ftp-usrs<\/p>\n

~~Save & Close<\/p>\n

@@@@@@<\/p>\n

Restart ftp & stfp service<\/p>\n

service vsftpd restart<\/p>\n

\/etc\/init.d\/sshd restart<\/p>\n

!!!!!!!!<\/p>\n

Access the file by restricted ftp & sftp service<\/p>\n","protected":false},"excerpt":{"rendered":"

CentOS6.6<\/p>\n

2?vsftpd-2.2.2<\/p>\n

Second, the installation<\/p>\n

$ yum install -y vsftpd<\/p>\n

[root@oracledbserver mohan]# yum install vsftpd Loaded plugins: fastestmirror, refresh-packagekit, security Setting up Install Process Loading mirror speeds from cached hostfile * base: mirror.vodien.com * extras: mirror.vodien.com * updates: mirror.vastspace.net base | 3.7 kB 00:00 extras | 3.4 kB 00:00 updates | 3.4 kB 00:00 Resolving […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,14,4],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4929"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4929"}],"version-history":[{"count":4,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4929\/revisions"}],"predecessor-version":[{"id":4933,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4929\/revisions\/4933"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}