2

Fedora 16 & vsftpd config

asked 2011-12-11 04:15:29 -0500

Arbor

updated 2014-09-29 00:20:20 -0500

mether

Hi,

I'm trying to create an FTP server using vsftpd; however, changes I make in /etc/vsftpd/vsftpd.conf don't apply to my server, and there is no /etc/vsftpd.conf file as most FAQs say. I can log in from my computer as anonymous, so the server is running, but that is not what I'm trying to do. Please help.


4 Answers

2

answered 2011-12-11 06:15:57 -0500

hhlp

updated 2011-12-11 10:52:55 -0500

First install the server and configure it to start with the system:

sudo yum -y install vsftpd && sudo systemctl enable vsftpd.service

Do not forget to add an entry to iptables, or after all the server setup you will wonder why the service does not work ...

The entry would be like:

iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

The vsftpd configuration file is /etc/vsftpd/vsftpd.conf and the configuration is as follows (I omitted the comments that are in the file and the options not used):

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=000
dirmessage_enable=YES

With this line we can monitor the service and have Awstats FTP usage reports:

xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to my FTP server.

If we want the server to listen on IPv6, it is: listen_ipv6=YES

listen=YES

By default users are "caged" in their home directory, and if we want to keep this from happening to a particular user, we add them to /etc/vsftpd/chroot_list (it does not exist by default and must be specified with the parameters chroot_list_file=/etc/vsftpd/chroot_list and chroot_list_enable=YES)

chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

If the parameter userlist_enable takes the value YES, users who are in the file /etc/vsftpd/user_list are denied access, and if it takes the value NO, only users who are in user_list can access the service.

We have configured the FTP server to give access to the home directory of each user. If we try to access it, we will get the following:

# ftp server1
Connected to server1 (192.168.1.199).
220 Welcome to my FTP server. Files carrying more than 30 days will be deleted
Name (server1: ):
331 Please specify the password.
Password:
500 OOPS: chroot
Login failed.

The problem we have is with SELinux, which is blocking FTP access, so we have to find which SELinux value is preventing us from getting access:

getsebool -a | grep ftp

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off

We have to change the value of ftp_home_dir:

setsebool -P ftp_home_dir on

And now we have access to the home directory. Restart the service again to apply the changes:

sudo systemctl restart vsftpd.service


Comments

Minor edit:

iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

In case you have higher ports open for passive mode connections,

iptables -A INPUT -p tcp --dport 65000:65100 -j ACCEPT

dknight ( 2013-03-08 07:09:42 -0500 )
1

answered 2011-12-11 05:06:48 -0500

kubo

There are three basic problems with network services you must check:

  1. Service configuration and run: is your config file correct? If you want to allow local users, check the variables anonymous_enable, local_enable, write_enable or chroot_local_user. And yes, the config file is /etc/vsftpd/vsftpd.conf.
  2. Check firewall configuration: if you want to enable FTP for remote clients, you need to enable ports 21 and 20.
  3. Check SELinux settings: if you use local users and use SELinux, you need to configure the ftp_home_dir variable.

    setsebool -P ftp_home_dir 1

You didn't write what specific type of service you want to run ("...but it is not what I'm trying to do."), so this is a somewhat general answer.

1

answered 2011-12-11 04:41:29 -0500

ZenDark

I'm doing a fast test and it's working here.

vsftpd-2.3.4-6.fc16.x86_64

Edited /etc/vsftpd/vsftpd.conf and to apply changes (new systemctl/services syntax):

systemctl restart vsftpd.service

Maybe your conf file is wrong (some typo/error?) and doesn't load new changes because of that.

0

answered 2011-12-11 10:04:30 -0500

Arbor

Ok. I can log in but I can't upload files. My config file:

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=/home/name/ftp

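Two points raised in the answers above (a typo in the config file stopping changes from loading, and which write settings are actually active) can be checked before restarting the service. The following is an added example, not code from any poster: the function name, the sample file and the choice of checks are its own, and it assumes the vsftpd.conf(5) rules that no space may surround "=" and that anonymous_enable defaults to YES when absent.

```shell
# Added example, not code from the thread: lint a vsftpd.conf before a restart.
# The function name and the choice of checks are this example's own.
lint_vsftpd_conf() {
    awk '
    function on(k) { return opt[k] == "YES" || opt[k] == "TRUE" || opt[k] == "1" }
    function warn(msg) { print msg; n++ }
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    # vsftpd.conf(5): no space may sit between the option, "=" and the value
    /^[ \t]|^[^=]*[ \t]=|^[^=]*=[ \t]/ {
        warn("SYNTAX line " NR ": whitespace before the option or around \"=\": " $0)
        next
    }
    !/^[a-z0-9_]+=/ { warn("SYNTAX line " NR ": not option=value: " $0); next }
    {
        i = index($0, "=")
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        raw[key] = val; opt[key] = toupper(val)
    }
    END {
        # Upstream default when the option is absent is anonymous_enable=YES
        if (!("anonymous_enable" in opt)) opt["anonymous_enable"] = "YES"
        if (on("anonymous_enable") && on("write_enable") &&
            (on("anon_upload_enable") || on("anon_mkdir_write_enable")))
            warn("RISK: anonymous write access is enabled")
        if ("local_umask" in raw) {
            # The last octal digit masks the permissions of "other"; bit 2 is write
            other = substr(raw["local_umask"], length(raw["local_umask"])) + 0
            if (int(other / 2) % 2 == 0)
                warn("RISK: local_umask=" raw["local_umask"] " leaves uploads world-writable")
        }
        if (on("listen") && on("listen_ipv6"))
            warn("CONFLICT: listen and listen_ipv6 are mutually exclusive")
        exit (n > 0)
    }' "$1"
}

# Constructed sample that mixes settings quoted in the answers above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
local_umask=000
xferlog_file =/var/log/vsftpd.log
anon_upload_enable=YES
listen=YES
EOF
lint_vsftpd_conf "$sample" || echo "Fix the findings above before restarting vsftpd"
```

The function exits non-zero when it reports anything, so it can gate a `systemctl restart vsftpd.service` in a deployment script.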

Stats

Asked: 2011-12-11 04:15:29 -0500

Seen: 20,836 times

Last updated: Dec 11 '11