How to Set Up Safe FTP in Linux
Thursday, March 22, 2012
What is VSFTPD?
The vsftp daemon runs in the background and allows you, or users you designate, to copy files to and from your Linux boxes, using a username and password as login credentials. This ability is open to individuals or groups you may want to establish.
VSFTPD features include:
- Virtual IP configurations
- Virtual users
- Standalone or inetd operation
- Powerful per-user configurability
- Bandwidth throttling
- Per-source-IP configurability
- Per-source-IP limits
- IPv6
- Encryption support through SSL integration
How To Install VSFTP
The daemon is included in most versions of Linux. If you are using a Debian-based distribution like Mint or Ubuntu, open a terminal window and type:
sudo apt-get install vsftpd
If you are using a Red Hat-based distro, open a terminal window and type:
sudo yum install vsftpd
How To Configure VSFTP
To configure vsftp, open the vsftpd.conf file in the /etc directory. For instance, if you were using gedit as your text editor, you would type:
sudo gedit /etc/vsftpd.conf
First, for a secure setup, you'll want to disable anonymous access to your ftp server. Change this line:
anonymous_enable=YES
to
anonymous_enable=NO
With anonymous access disabled, you'll want to allow local users to log in by uncommenting the following line, changing #local_enable=YES to local_enable=YES (simply remove the # sign).
Allow write access by uncommenting this line, changing #write_enable=YES to write_enable=YES
Save and close the file.
Set up an FTP user account:
sudo mkdir -p /home/ftp/ftpuser
sudo useradd ftpuser -d /home/ftp/ftpuser -s /bin/false
sudo passwd ftpuser
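Restart the vsftpd service:
Debian: sudo /etc/init.d/vsftpd restart
Red Hat: sudo service vsftpd restart
Check that the server is listening:
netstat -a | grep ftp
Connect with ftp followed by the server's IP address or host name:
ftp 100.00.00.00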
Other VSFTP Configuration Options
There are many other options you can add to this file:
- Limiting the maximum number of client connections (max_clients)
- Limiting the number of connections by source IP address (max_per_ip)
- Setting the maximum rate of data transfer per anonymous login (anon_max_rate)
- Setting the maximum rate of data transfer per non-anonymous login (local_max_rate)
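
The script below is an added example, not part of the original post: it reads a vsftpd.conf and reports the effective values of the options covered in the configuration steps and in the list above. It assumes vsftpd's compiled-in defaults (anonymous_enable=YES, local_enable=NO, ssl_enable=NO, max_clients=0, max_per_ip=0) and that the last active line for an option wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings this article discusses.

# Print the effective value of KEY in FILE, or DEFAULT when KEY is not set.
# Commented-out lines (#key=value) do not count; the last active line wins
# (assumption about vsftpd's parse order).
vsftpd_effective() {
    value=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${value:-$3}"
}

# Succeed when a boolean option is on; vsftpd accepts YES, TRUE or 1.
is_on() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; the return status is the number of findings.
vsftpd_audit() {
    conf=$1 findings=0
    if is_on "$(vsftpd_effective "$conf" anonymous_enable YES)"; then
        echo "anonymous_enable is on (also the case when the line is missing or commented out)"
        findings=$((findings + 1))
    fi
    if ! is_on "$(vsftpd_effective "$conf" local_enable NO)"; then
        echo "local_enable is off: local accounts such as ftpuser cannot log in"
        findings=$((findings + 1))
    fi
    if ! is_on "$(vsftpd_effective "$conf" ssl_enable NO)"; then
        echo "ssl_enable is off: usernames and passwords cross the network in clear text"
        findings=$((findings + 1))
    fi
    for key in max_clients max_per_ip; do
        if [ "$(vsftpd_effective "$conf" "$key" 0)" = 0 ]; then
            echo "$key is 0: connections are unlimited"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: only a commented-out anonymous_enable line was edited.
sample_conf() {
    printf '%s\n' '# Example config file /etc/vsftpd.conf' '#anonymous_enable=NO' \
        'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' '#max_per_ip=4'
}

tmp=$(mktemp) && sample_conf > "$tmp"
vsftpd_audit "${1:-$tmp}" || echo "findings: $?"
rm -f "$tmp"
```

Pass the path of a real configuration file as the first argument to audit it instead of the constructed sample.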