Skip to main content

Setup FTP server on centos 7 ( VSFTP )


FTP server is used to exchange files between computers over network . This guide helps you to setup ftp server on centos 7 . This guide contains configuration steps for both FTP and SFTP as well as user creation . Here i’ve used VSFTP package which is secure and less vulnerable .
1. FTP Server
2. SFTP Server
3. User creation

Setup FTP server on centos 7

Step 1 » Update your repository and install VSFTPD package .
[[email protected] ~]# yum check-update
[[email protected] ~]# yum -y install vsftpd

Step 2 » After installation you can find /etc/vsftpd/vsftpd.conf file which is the main configuration file for VSFTP.
Take a backup copy before making changes .
[[email protected] ~]# mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orgNow open the file and make changes as below
[[email protected] ~]# nano /etc/vsftpd/vsftpd.confFind this line anonymous_enable=YES ( Line no : 12 ) and change value to NO to disable anonymous FTP access.
anonymous_enable=NO Uncomment the below line ( Line no : 100 ) to restrict users to their home directory.
chroot_local_user=YES and add the below lines at the end of the file to enable passive mode and allow chroot writable.
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Step 3 » Now restart vsftpd service and make it start automatically after reboot.
[[email protected] ~]# systemctl restart vsftpd.service
[[email protected] ~]# systemctl enable vsftpd.service

Step 4 » Add FTP service in firewall to allow ftp ports .
[[email protected] ~]# firewall-cmd --permanent --add-service=ftp
[[email protected] ~]# firewall-cmd --reload

Step 5 » Setup SEinux to allow ftp access to the users home directories .
[[email protected] ~]# setsebool -P ftp_home_dir on
Step 6 » Now create an User for ftp access. Here /sbin/nologin shell is used to prevent shell access to the server .
[[email protected] ~]# useradd -m dave -s /sbin/nologin
[[email protected] ~]# passwd dave
Now user dave can able to login ftp on port 21 .
You can filezilla or winscp client for accessing files.
Setup ftp server centos 7

SFTP server

SFTP ( Secure File Transfer Protocol ) is used to encrypt connections between clients and the FTP server. It is highly recommended to use SFTP because data is transferred over encrypted connection using SSH-tunnel on port 22 .
Basically we need openssh-server package to enable SFTP .
Install openssh-server package, if its not already installed.
[[email protected] ~]# yum -y install openssh-server
Step 7 » Create a separate group for FTP access.
[[email protected] ~]# groupadd ftpaccess
Step 8 » Now open /etc/ssh/sshd_config file and make changes as below.
Find and comment the below line ( Line no : 147 ).
#Subsystem sftp /usr/libexec/openssh/sftp-serverand add these lines below.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Step 9 » Now restart sshd service.
[[email protected] ~]# systemctl restart sshdNow your SFTP server is configured and ready .

User creation

Step 10 » Create user jack with /sbin/nologin shell and ftpaccess group
[[email protected] ~]# useradd -m jack -s /sbin/nologin -g ftpaccess
[[email protected] ~]# passwd jack
Now assign root ownership for the home directory for chroot access and modify permission.
[[email protected] ~]# chown root /home/jack
[[email protected] ~]# chmod 750 /home/jack
Create a directory www inside home directory for writing and modify ownership .
[[email protected] ~]# mkdir /home/jack/www
[[email protected] ~]# chown jack:ftpaccess /home/jack/www

Now jack can use both ftp and sftp services . He can upload files in www directory .
Setup ftp server centos 7
If you are going to use FTP and SFTP together in the same server, you should follow above steps while creating users . For existing users add them to ftpaccess and make below changes.
[[email protected] ~]# usermod dave -g ftpaccess
[[email protected] ~]# chown root /home/dave
[[email protected] ~]# chmod 750 /home/dave
[[email protected] ~]# mkdir /home/dave/www
[[email protected] ~]# chown dave:ftpaccess /home/dave/www

Also see :
» Setup FTP server on ubuntu 14.04
» Configure ftp server on centos 6

Have a nice day.

  • Jhon Edison Castañeda Lozano

    Tks very much..!! Jhon – Bogotá, Colombia.

  • urmoucher

    I followed the section on setting up SFTP, but I still can’t connect with filezilla (after password entry – Error: Network error: Software caused connection abort; Error: Could not connect to server) and Putty closes with the same error as soon as I hit return on the password. I can connect to other servers on my network and remotely, so not sure what the issue is. And I can access the server directly with those user credentials, so not clear what is going on. And I am a member of the group ftpaccess.

    If I undo the customization of /etc/ssh/sshd_config, then it works.

  • Pingback: Настройка SFTP на Centos | Записки системного администратора()

  • TAvmarah

    Please add some purpose of each command so that We’ll know more about it before we install it in our server.. thanks….

  • TAvmarah

    Please add some purpose of each command so that We’ll know more about it before we install it in our server.. thanks… 🙂

  • Pingback: Настройка FTP-сервера на CentOS 7 (VSFTP)()

  • Noah Erickson

    I had to skip step 8. The changes to sshd_config prevented all access over ssh. Not sure why.

    • Chris Barry

      Modify the the /etc/ssh/sshd_config file and comment out the following line:

      #Subsystem sftp /usr/libexec/openssh/sftp-server

      Next, add the following line to the /etc/ssh/sshd_config file

      Subsystem sftp internal-sftp

      this is whats missing

      never told us to comment out the first line

      • Amri

        I commented out “Subsystem sftp /usr/libexec/openssh/sftp-server”
        But still get the following error while trying to connect via a SFTP client :
        The user name or password was not accepted by the server.

        Additionally, I see in /var/log/secure
        “Jun 14 19:16:34 localhost sshd[20114]: Connection closed by xxx.xxx.xxx.xxx [preauth]”

        Any suggestions will be truly appreciated

        Thanks

  • Pingback: How to setup FTP server on ubuntu 14.04 ( VSFTPD )()

  • BBvT

    Thanks! Worked like a charm.

    But there’s a small error in Step 2:
    Take a backup copy before making changes .

    [WRONG]
    [[email protected] ~]# mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org”

    In order to backup the file you should copy it. And not move it.

    [RIGHT]
    [[email protected] ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org

  • Mike Barrett

    No such thing as a vsftpd.conf in my /etc/vsftpf/ directory

  • Robert Williams

    Good article. I’m wondering what is better? Vsftpd or Proftpd?
    I installed proftpd from an article I found on the Rosehosting blog, but now that i’ve stumbled upon yours I wonder what is better.
    Which FTP service is better and more secure?

  • Omar Omar

    Where can i download the installation from? Please help me..

  • YnnoSWaFu

    Thanks for this great tut…

    It worked like a charm.. I just need to know how would I monitor the real time log just as in e.g. filezilla, bulletproof server that scrolls up or shows the screen logs when somebody connects to the FTP?

    This is good for me so I can easily monitor the server if running or not and address the issues immediately.

    Appreciate much your comments and advises.

    🙂