June 19, 2012

Beginner

How To Set Up vsftpd on CentOS 6

Tagged In: Cent Os, Linux Basics

About vsftpd

Warning: FTP is inherently insecure. If you must use FTP, consider securing your FTP connection with SSL/TLS. Otherwise, it is best to use SFTP, a secure alternative to FTP.

The first two letters of vsftpd stand for "very secure", and the program was built to have the strongest protection against possible FTP vulnerabilities.

Step One—Install vsftpd

You can quickly install vsftpd on your virtual private server from the command line:
sudo yum install vsftpd

We also need to install the FTP client, so that we can connect to an FTP server:
sudo yum install ftp

Once the files finish downloading, vsftpd will be on your VPS. Generally speaking, vsftpd's default configuration already provides a reasonable amount of security. However, it does allow access to anonymous users.

Step Two—Configure vsftpd

Once vsftpd is installed, you can adjust the configuration.

Open up the configuration file:
sudo vi /etc/vsftpd/vsftpd.conf

One primary change you need to make is to set anonymous_enable to NO:
anonymous_enable=NO

Prior to this change, vsftpd allowed anonymous, unidentified users to access the VPS's files. This is useful if you are seeking to distribute information widely, but may be considered a serious security issue in most other cases.

After that, uncomment the local_enable option and set it to YES:
local_enable=YES

Next, uncomment the chroot_local_user option. When this line is set to YES, all local users will be jailed within their chroot and denied access to any other part of the server.
chroot_local_user=YES

Finish up by restarting vsftpd:
sudo service vsftpd restart

In order to ensure that vsftpd runs at boot, run chkconfig:
sudo chkconfig vsftpd on
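
The three Step Two settings can be checked after editing. The script below is an added example, not part of the original tutorial: its function names are hypothetical, and for keys that are absent or commented out it assumes vsftpd's built-in defaults as documented in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the settings changed in Step Two.
# Function names are hypothetical; defaults for unset keys are vsftpd's
# built-in ones (anonymous_enable=YES, local_enable=NO, chroot_local_user=NO,
# ssl_enable=NO).

# Print the effective value of KEY in FILE, or DEFAULT if it is never set.
# Commented-out lines are ignored, and the last uncommented assignment wins
# because vsftpd applies the file top to bottom. "key = value" with spaces
# is not valid vsftpd syntax, so it is deliberately not matched.
vsftpd_effective() {
    file=$1; key=$2; default=$3
    value=$(sed -n "s/^${key}=\(.*\)\$/\1/p" "$file" | tail -n 1 |
            tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${value:-$default}"
}

# Compare one key with the value the tutorial asks for; return 1 on mismatch.
check_setting() {
    want=$4
    got=$(vsftpd_effective "$1" "$2" "$3")
    if [ "$got" = "$want" ]; then
        echo "ok    $2=$got"
    else
        echo "FAIL  $2=$got (tutorial sets $want)"
        return 1
    fi
}

# Check all three Step Two settings; exit status 0 only if every one matches.
audit_vsftpd() {
    conf=$1; rc=0
    check_setting "$conf" anonymous_enable  YES NO  || rc=1
    check_setting "$conf" local_enable      NO  YES || rc=1
    check_setting "$conf" chroot_local_user NO  YES || rc=1
    # Informational only: the warning at the top of the page recommends TLS.
    echo "note  ssl_enable=$(vsftpd_effective "$conf" ssl_enable NO)"
    return $rc
}

# Constructed sample: a config as it might look before the Step Two edits.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real server
anonymous_enable=YES
local_enable=YES
#chroot_local_user=YES
EOF
audit_vsftpd "$sample" || echo "=> settings differ from Step Two"
rm -f "$sample"
```

On a server, call audit_vsftpd /etc/vsftpd/vsftpd.conf after editing and before restarting the service.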

Step Three—Access the FTP server


Once you have installed the FTP server and configured it to your liking, you can now access it.

You can reach an FTP server in the browser by typing the domain name into the address bar and logging in with the appropriate ID. Keep in mind, you will only be able to access the user's home directory.
ftp://example.com

Alternatively, you can reach the FTP server through the command line by typing:
ftp example.com

You can then type "exit" to leave the FTP shell.



By Etel Sverdlov


86 Comments

  • Gravatar Jonathan Tittle over 1 year

    You may want to add "chkconfig vsftpd on" to the end, otherwise when the server/VPS is rebooted, no user will be able to log-in until vsftpd is started from CLI.

  • Gravatar Etel Sverdlov over 1 year

    Thanks for the addition—I have updated the article to include chkconfig!

  • Gravatar sudsachin over 1 year

    Nice Tutorial! But please add how to setup users and their default path or directory of access.

  • Gravatar Etel Sverdlov over 1 year

    Hi Sudsachin, that's a great suggestion! I will build out the article further in the coming days. Thanks!

  • Gravatar limitmaker over 1 year

    Etel, I'm really liking digital ocean tutorials. I was hoping you could create a tutorial on how to install virtualization and get it started via CentOS 6.3
    1. Tried KVM - I can't figure out how to get the connections to bridge so that I can access the world outside my VPS I created.
    2. Tried LXC - Couldn't get it to work
    3. Tried Xen - The only kernels I can find do not seem to work with CentOS6.3
    Can you save me? :)

  • Gravatar Moisey over 1 year

    If you are running virtualization inside of a virtual server from DigitalOcean you will most likely not be able to bridge the connection because the server is already virtualized and running through the hypervisor. Or is this on a dedicated system?

  • Gravatar limitmaker over 1 year

    This is on a dedicated server.. I only came across this place via google.

  • Gravatar Moisey over 1 year

    You should be able to get a dedicated server to be set up as a hypervisor with KVM installed on it - however the networking bridge can also be affected on your network setup from the switch that your server is connected to. Best thing to do is contact your dedicated server provider and see if they can provide you a bit of guidance in getting this set up.

  • Gravatar ja.delcallar over 1 year

    what will be the ftp username and password for this setup?

  • Gravatar Etel Sverdlov over 1 year

    It will be your existing server user

  • Gravatar gildus over 1 year

    When adding a new user:
    # adduser userftp
    # passwd userftp
    You can disable the login ssh with and just for ftp:
    # usermod -s /sbin/nologin userftp
    Regards

  • Gravatar ja.delcallar over 1 year

    Thanks Etel and Gildus, Now I already created an ftp login and I was able to successfully login using filezilla, but I cannot upload files because I do not see var/www/html folder

  • Gravatar Moisey over 1 year

    That sounds like a user path issue, what you could do is upload a file like:
    test_file
    Then login to the system as root and see where that file is located:
    find / -name test_file
    Then you will see where that user is logging in if it's not displayed when you issue the PWD command inside of FTP and you can review your user's home directory accordingly.

  • Gravatar kevin over 1 year

    Just signed up after a year with another cloud provider. Going to miss their support, but their cloud options are just not performing the way we need them to. Problem now is I have to set up this server and man I'm having issues. Would be a great start to learn how to set up users and passwords jailed to a directory. My goal right now is to get a test installation of Wordpress to update plugins via ftp, but not working. Final goal is to run Magento using Nginx here on DO.

  • Gravatar Moisey over 1 year

    Easiest way to do jailing is to restrict SSH access for all new users so that they only have FTP access, you can do that by modifying their "shell" to something like /sbin/nologin. Then move forward step by step from there.

  • Gravatar ed about 1 year

    Ok I am really loving these articles. Concise, to the point and they work. This article is a great example. Yes I have installed FTP servers and VSFTPD before. However these articles point me in the right direction and help me avoid previous pitfalls. Last time VSFTPD was a schlepp. This time a breeze! rock on

  • Gravatar Etel Sverdlov about 1 year

    Thank you, Ed! Thank you so much for your kind comment! It's really appreciated =]

  • Gravatar jazz80 about 1 year

    Thank you very nice tutorial, got running in 10 mins!

  • Gravatar yanikkoval about 1 year

    Thanks a lot! But it works only with SFTP connection

  • Gravatar apple about 1 year

    I agree these articles are great. However, I am not able to connect via FTP after following these instructions.

  • Gravatar apple about 1 year

    Oops, I stand corrected, SFTP is working. Thank you.

  • Gravatar Dan Vera about 1 year

    @ sudsachin on the last line just add local_root=public_html

  • Gravatar David Levy about 1 year

    Thank you for this tutorial. I'm not quite understanding how to have the sftp login have a unique password separate from SSH? Any step by step clarification? I'd appreciate it!

  • Gravatar David Levy about 1 year

    Another question is how to give SFTP a specific port number? in conjunction with iptables?

  • Gravatar David Levy about 1 year

    Wish I could edit my posts so I wouldn't be triple posting.. but anyway some things to add I found from this article: http://king-tutor.com/index.php/centos-6-3/24-install-and-configure-vsftp-on-centos-6-3
    configure iptables /etc/sysconfig/iptables:
    -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
    Ensure that the space-separated list of modules contains the FTP connection-tracking module /etc/sysconfig/iptables-config
    IPTABLES_MODULES="ip_conntrack_ftp"

  • Gravatar muriloreinert about 1 year

    Ty Etel :D Here, to send files using nginx, I need to set local_root
    TYPE: vi /etc/vsftpd/vsftpd.conf
    WRITE: local_root=/usr/share/nginx/html
    TYPE: sudo chown -R YOUR_FTP_USER_HERE /usr/share/nginx/html

  • Gravatar aadeshgandhi about 1 year

    Hello, I have system with Centos 6.3 loaded on it and I want to convert it into a server that can be accessed over the internet and also shared with friends and family with read access. This is my very first time using linux so could you please help me out? I played around a bit with owncloud with no success hence just loaded the Centos OS once again to start afresh. FYI I do not have a domain name registered in my name. I have a internet connection that does not provide static ip. Thanks, AVG.

  • Gravatar kiran about 1 year

    Hi , login to ftp with server username and password. But the default folder it gives access is to /home/. How can i set the default folder to var/www/html folder Thanks Kiran

  • Gravatar raviprasad 12 months

    Nice article....It works perfect...Thanks a lot

  • Gravatar Kamal Nasser 12 months

    @David Levy SFTP authenticates using SSH, so you can't have different passwords. To change the port, edit the Port 22 line in /etc/ssh/sshd_config and restart ssh.

  • Gravatar Kamal Nasser 12 months

    @kiran Please see muriloreinert's comment above.

  • Gravatar newztech 11 months

    @muriloreinert Thanks. It works.

  • Gravatar siatg 10 months

    When trying to execute "chkconfig vsftpd on", I get this message: You do not have enough privileges to perform this operation. Do you know what is happening ?

  • Gravatar Kamal Nasser 10 months

    @siatg you must follow this tutorial as root (you can also run "sudo -s" as an account with sudo privileges).

  • Gravatar complementaryart 10 months

    I followed the instructions and successfully set up the ftp, now I want to login, I guess I have to create a user..how?

  • Gravatar Kamal Nasser 10 months

    @complementaryart you can add a user by running the following command: "sudo adduser yourusernamehere"

  • Gravatar nest.u333 10 months

    To get FTP access to /var/www/html folder use the root user as the ftp user
    1. assign a password to the root user -> passwd root
    2. sudo nano /etc/vsftpd/user_list and comment out root
    3. sudo nano /etc/vsftpd/ftpusers and comment out root again
    4. sudo nano /etc/vsftpd/vsftpd.conf and write at the end local_root=/var/www/html
    there might be some security issues at using the root user as ftp but it did the trick for me. I also thought about using aliases as explained here http://httpd.apache.org/docs/2.2/urlmapping.html but I can't figure out how to define them. Other suggestions on a better approach will be most welcome!

  • Gravatar eughenio 10 months

    The @muriloreinert comment doesn't work for me. I can login only with one of my VPS users, but in the /home folder. What are the steps I need to do so all my VPS users can access the /var/www/html folder?

  • Gravatar Kamal Nasser 10 months

    @eughenio Move all the files from /var/www/html to your user's home directory and symlink it so Apache/nginx can still access it:

    mv /var/www/html /home/youruser/html
    ln -s /home/youruser/html /var/www/html

  • Gravatar SaM5246 10 months

    It does not work for me except to allow access from the command line. It won't work with FireFTP or in the browser. This tutorial needs to be updated.

  • Gravatar SaM5246 10 months

    To check if the iptables are what's not causing you to connect you can shut it down
    # service iptables stop
    then try your connection, to restart it later...
    # service iptables start
    To open ports in iptables type the following command from the command prompt
    # iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    Then type:
    # service iptables save
    Then type:
    # service iptables restart
    You can do the same as above except change the port number to port 21
    to check the file to see what ports are open use:
    # cat /etc/sysconfig/iptables

  • Gravatar SaM5246 10 months

    I've personally tried everything and I can't connect via FTP. I changed the conf file to allow anonymous connections, then tried to login with my FTP client (fire FTP) as anonymous. I also shut down the iptables service and it still won't let me connect. Anyone have any ideas what's going on? I'm able to access the server, I can visit my site and it shows the Apache test page so I know it's working and accessible. I'm also using the same FTP Client (fire FTP) to connect to a different server and it works. So I know it's nothing blocking my connections on my end.

  • Gravatar SaM5246 10 months

    ***************I finally got it working! Here's what I did: I switched to FileZilla FTP Client in Windows instead of FireFTP, since it shows what errors it's getting. When I saw there was a naming problem I used the IP address of my server (192.111.111.111) instead of the actual web address (mysite.com). FileZilla connected via SFTP on port 22 which I opened with the above. I hope this helps others.

  • Gravatar Kamal Nasser 10 months

    @SaM5246: Glad you got it working! If you plan on using SFTP, I recommend closing down the FTP port/removing vsftpd.

  • Gravatar eughenio 10 months

    I've changed the chroot_local_user to NO and entered the values at the end of file:
    local_root=/var/www/html
    file_open_mode=0755
    chmod_enable=YES
    I can access the FTP and access with different users. The problem now is, I can't overwrite a file, the FTP says I'm not allowed.... If I change the chmod of file to 777 it lets me overwrite the file, in another case I receive the message:
    553 Could not create file.
    Error: Critical file transfer error
    How can I fix it???

  • Gravatar Kamal Nasser 10 months

    @eughenio: Make sure the user you're connecting as has write permission to /var/www/html: chmod -R youruser:youruser /var/www/html

  • Gravatar eughenio 10 months

    @Kamal Nasser, I tried, but I received:
    chmod: invalid mode: `USER:USER'
    Try `chmod --help' for more information.

  • Gravatar Kamal Nasser 10 months

    Sorry, my bad. It should be 'chown', not 'chmod'.

  • Gravatar miriam.weiss 9 months

    Thank you!

  • Gravatar rohanleach4 9 months

    I couldn't get these instructions to work with FTP. But could with SFTP. I think it may be worth changing your tutorial to accommodate this. Thanks

  • Gravatar ensign.yc1989 9 months

    Hello, your tutorials are mostly to the point with the exception of using FTP log-in for installing new WP themes. I encountered "Unable to create directory wp-content..." error and had to revert to using root by modifying user_list, ftpusers, etc. Please could you kindly update the tutorial to clarify this process. Thank you. /Soyful

  • Gravatar Kamal Nasser 9 months

    @ensign: It depends on your virtualhost structure and where you're storing wordpress's source files really.

  • Gravatar edward.craft 9 months

    There was no chroot_local_user line to uncomment and change. Should I add it?

  • Gravatar Kamal Nasser 9 months

    Yes

  • Gravatar Rodrigo Campos 8 months

    @Kamal Nasser: Can I only chown to me the /var/www/html and make a symlink in my home dir to it? I tried but doesn't work! Help me!

  • Gravatar Kamal Nasser 8 months

    @campos6: How did you try it and what commands did you run? Define "doesn't work".

  • Gravatar mgarcia 8 months

    Great howto, I'm impressed how simple it is to set up vsftp and exactly the options I was looking for

  • Gravatar bubobih 8 months

    I need to make ftp and access to all over browser, but in ftp (FileZilla) need to make password and user..... I'm not really good at this, can someone explain me some.... I'm trying to make this for 5 days..... I'm install apache vsftpd ftp, it's on centos...... please some help :P

  • Gravatar dnlclwrs 8 months

    This was an easy and simple tutorial. Had it going in five minutes. Thank you for this! I still do have a question though. As the tutorial states, this basically only gives access to the specified user's home directory. What I am wanting to do, is give this user access to not just their home directory, but the /var/www/html directory as well. I'd actually like their root directory to be the html directory so that when I log in via FTP I'm already where I need to be. What files and configurations do I need to add/change? Thanks!

  • Gravatar Kamal Nasser 8 months

    @dnlclwrs: vsftpd chroots the user to his home directory by default. Try moving /var/www/html to /home/youruser/html and linking /var/www/html to /home/youruser/html:

    mv /var/www/html /home/youruser/html
    ln -s /home/youruser/html /var/www/html

  • Gravatar dnlclwrs 8 months

    @Kamal Thanks buddy, worked like a charm. Only additional step I needed was to chown -R username the directory even though it was already in my home directory. Not sure why. But yeah, thanks!

  • Gravatar Kamal Nasser 8 months

    Sweet

  • Gravatar yazirarafath 8 months

    I can connect using Filezilla via SFTP as "root" and "otheruser" But, just prompting for username and password when I try to connect through the browser. It doesn't accept my credentials. And, I couldn't find /var/www/html folder anywhere in the VPS.

  • Gravatar Kamal Nasser 8 months

    @yazirarafath: You shouldn't connect to FTP using your browser. Are you sure you're passing the correct login credentials? Check vsftpd's error logs for errors.

  • Gravatar dnlclwrs 8 months

    Considering this tutorial and the comments have been very helpful, I figured I'd ask another question. Basically I have gotten everything sorted out, however what I am wanting to do now is add users and restrict them to specific directories. As an example, I have two directories in my /var/www called example1.com and example2.org. I have two users I've added named User1 and User2. How would I go about restricting FTP access of /var/www/example1.com/ to User1 and /var/www/example2.org/ to User2? Meaning neither could go into each other's directories or higher. Any help would be great, thanks!

  • Gravatar Kamal Nasser 7 months

    @dnlclwrs: Create example1.com under /home/user1 and link it to /var/www/example1.com:

    ln -s /home/user1/example1.com /var/www/example1.com
    Do the same for example2. If you followed this article correctly, both users should be chrooted to their home directories.

  • Gravatar digitalocean 7 months

    These directions are very clear and helpful, thank you! My only problem was that when I tried to log in as a non-root user, this error message appeared:
    500: OOPS: cannot change directory:/home/xxx
    where xxx is my username. Another web page showed me the answer -- I had to do this:
    sudo /usr/sbin/setsebool -P ftp_home_dir 1
    Apparently SELinux kept vsftpd from changing the current directory to my home directory.

  • Gravatar Kamal Nasser 7 months

    @digitalocean: Glad it's working now :]

  • Gravatar Alex M 7 months

    I am unable to get this to work. I have made sure iptables are allowing SSH connections on port 22. I have tried to login with root as well as user I created with root privileges. Attempting to connect directly to Droplet IP address and I'm getting connection refused. Followed this tutorial exactly. What gives?

  • Gravatar Kamal Nasser 7 months

    @alex.mamel: vsftpd uses port 21, try connecting to that port -- does it work?

  • Gravatar mkm29 7 months

    Command: OPTS UTF8 ON
    Response: 200 Always in UTF8 mode.
    Status: Connected
    Status: Starting upload of C:\Users\mmoriarta\Desktop\Backup Stuff\AlexM.docx
    Command: CWD /Test
    Response: 250 Directory successfully changed.
    Command: PWD
    Response: 257 "/Test"
    Command: TYPE I
    Response: 200 Switching to Binary mode.
    Command: PASV
    Response: 227 Entering Passive Mode (192,168,66,137,144,77).
    Command: STOR AlexM.docx
    Response: 553 Could not create file.
    Error: Critical file transfer error
    Status: Disconnected from server

    This is the error I am receiving. I created a couple of users. Each was logging in successfully. It was not till I put local_root=/var/ftp/pub that I was able to see any directory listings. I followed these commands.

    Create an FTP user group
    Create an FTP user group “ftpusers” with the following command:
    # groupadd ftpusers
    Add the new user “ftp1” to this group, and set the default path of that user to /var/www.
    # adduser -g ftpusers -d /var/www ftp1
    Set a password for the newly created user, I'll use: cisco
    # passwd ftp1
    Set ownership of /var/www to the ftp1 user and ftpusers group.
    chown ftp1:ftpusers /var/www
    Give Read & Write access to user ftp1 and all members in ftpusers group
    # chmod 775 /var/www
    Make sure the user ftp1 login shell is set to /sbin/nologin.
    # vi /etc/passwd
    ftp1:x:500:500::/var/www:/sbin/nologin
    Let's start/restart vsftpd service.
    # service vsftpd restart

    I then followed your instructions to a T and still same error. Please help

  • Gravatar mkm29 7 months

    Had everything to do with SELinux. Just need to make the command getenforce permissive and it all worked. The working directory is /etc/sysconfig. Just vi the selinux file and add the parameter permissive. This will enable the FTP server to boot permissive.

  • Gravatar canartuc 7 months

    Hello, For whom wants to add different ftp user, you should follow these steps (I just made it and it works).
    Scenario: Our ftp user name is ftp_user and password is whatever you want. Our httpdocs folder is located at: /var/www/html (this is not scenario, it is real path :))
    1. Create user: useradd ftp_user
    2. Create password for ftp_user: passwd ftp_user
    3. It will ask your password twice and your ftp_user will be created. The thing is, actually you didn't create a user for ftp, you created a user for system.
    4. Let's make ftp_user home directory as our httpdocs directory: usermod -d /var/www/html ftp_user
    5. Let's make ftp_user can read and write to this directory and its subdirectories: chown -R ftp_user /var/www/html
    And that's it! You can now use FileZilla or similar FTP program, terminal or browser to upload files.
    Don't forget:
    1. If you use FTP program like FileZilla, ftp address will be your IP address or yourdomain.com (NOT ftp.yourdomain.com).
    2. If you created files or directories before with root account, you cannot see them with this user.
    3. If anything wrong or you want to remove this user completely: userdel -r ftp_user
    Good luck

  • Gravatar andris.skutans 6 months

    Did chown -R username:username /var/www
    with WinSCP can login, can see all necessary directories, can download. But can not upload and modify. Get error
    Error transferring file 'C:\Documents\index.php'
    Copying files to remote side failed
    Could not create file

  • Gravatar andris.skutans 6 months

    Tried with Retry and get
    drwxr-xr-x 3 0 0 4096 Oct 22 18:43 .
    drwxr-xr-x 9 0 0 4096 Oct 22 12:50 ..
    -rw-r--r-- 1 0 0 558 Oct 22 19:01 error.log
    drwxr-xr-x 2 0 0 4096 Oct 22 15:36 public_html
    -rw-r--r-- 1 0 0 290 Oct 22 19:01 requests.log
    Copying files to remote side failed.

  • Gravatar Pablo of vDevices.com 6 months

    A viable and secure alternative to vsFTPd is SFTP: How To Use Filezilla to Transfer and Manage Files Securely on your VPS.

  • Gravatar Geoff Jackson 6 months

    In addition to this great tutorial for installing and setting up vsftpd, you might find my ServerFault answer useful for setting up vsftpd users and configuring their home directory.

  • Gravatar info 6 months

    hmmm, i keep getting 530 error in filezilla, and i have created a new user.

  • Gravatar Kamal Nasser 6 months

    @info: Check vsftpd error logs, do you see anything?

  • Gravatar cjfl0res 5 months

    I'm having problems connecting to vsftp via Filezilla after I installed iRedMail. This is my error in Filezilla:
    Status: Connecting to 162.243.89.203:21...
    Error: Connection timed out
    Error: Could not connect to server
    My vsftpd.conf is edited exactly as stated here. Any ideas?

  • Gravatar Kamal Nasser 5 months

    @cjfl0res: I can connect to port 21 on your droplet. Are you still experiencing this issue?

  • Gravatar Ideaa 5 months

    Hi, I am getting an error while opening directory /var/www/html through ftp using TLS/SSL:
    226 transfer done (but failed to open directory)
    I have tried setting ftp user permission using chown. Even tried disabling SELINUX. But nothing worked. Please check what is causing this issue. Regards

  • Gravatar Kamal Nasser 5 months

    @Ideaa: What's the output of

    stat /var/www /var/www/html
    ?

  • Gravatar Ideaa 5 months

    Now, I am getting PuTTY Fatal Error while connecting through PuTTY. Server unexpectedly closed network connection.

  • Gravatar Kamal Nasser 5 months

    @Ideaa: Is your droplet running? If so, log in using the console and try rebooting it:

    sudo reboot

  • Gravatar Ricardo Parraga 2 months

    Simple and basic tutorial. Got it working on my CentOS 6.5 x64 for my username. The only thing I noticed was: local_enable=YES - This is already set to YES
    I can suggest to do a copy of the config file before editing:
    sudo cp /etc/vsftpd/vsftpd.conf{,.bck}
