
Thursday, March 21, 2013

FTP and VSFTPD Configuration

File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.

The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and, most importantly, secure. Its ability to handle large numbers of connections efficiently and securely is why vsftpd is the only stand-alone FTP server distributed with Red Hat Enterprise Linux.

VSFTPD Configuration

  1. Run rpm -q ftp to see if the ftp package is installed.
    If it is not, run yum install ftp as the root user to install it.
  2. Run rpm -q vsftpd to see if the vsftpd package is installed.
    If it is not, run yum install vsftpd as the root user to install it.
  3. In Red Hat Enterprise Linux, vsftpd only allows anonymous users to log in by default. To allow authenticated users to log in, edit /etc/vsftpd/vsftpd.conf as the root user. Make sure the local_enable=YES option is uncommented.
    # Uncomment this to allow local users to log in.
    local_enable=YES
      
  4. Run service vsftpd start as the root user to start vsftpd.
    If the service was running before editing vsftpd.conf, run service vsftpd restart as the root user to apply the configuration changes. You can check the status of vsftpd by running service vsftpd status.
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd status
    vsftpd is stopped
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd start
    Starting vsftpd for vsftpd:                                [  OK  ]
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd status
    vsftpd (pid 14059) is running...
    [root@myserver ~]#
     
      
  5. Run ftp localhost as the user you are currently logged in with. When prompted for your name, make sure your username is displayed. If the correct username is displayed, press Enter; otherwise, enter the correct username.
    [root@myserver ~]#
    [root@myserver ~]# ftp localhost
    Connected to localhost.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): myuser
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp>
    ftp> quit
    221 Goodbye.
    [root@myserver ~]#
     
      
  6. An SELinux denial similar to the following is logged:

    setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (username). For complete SELinux messages. run sealert -l c366e889-2553-4c16-b73f-92f36a1730ce

  7. Access to home directories has been denied by SELinux. This can be fixed by enabling the ftp_home_dir Boolean. Run the following command as the root user (do not use the -P option if you do not want the change to persist across reboots):
    [root@myserver ~]# setsebool -P ftp_home_dir=1 
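
A check for step 3, added here as an example (it is not from the original post or from Red Hat): a small shell script that reports which login types a vsftpd.conf enables, so that a still-commented #local_enable=YES is caught before the service is restarted. The function names and the sample file are constructed for illustration; unset options fall back to the defaults described in step 3 (anonymous logins on, local logins off), and last-line-wins for repeated options is an assumption.

```shell
#!/bin/sh
# Added example: audit which login types a vsftpd.conf enables.

# effective_value FILE KEY DEFAULT
# Print the value from the last uncommented KEY=value line, else DEFAULT.
# (Last-line-wins is an assumption about how repeated options are applied.)
effective_value() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }   # "#local_enable=YES" is still a comment
        $1 == key  { val = $2; sub(/[ \t\r]+$/, "", val); found = 1 }
        END        { print (found ? val : def) }
    ' "$1"
}

# is_on VALUE: normalise a boolean setting to "on" or "off".
is_on() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) echo on ;;
        *)          echo off ;;
    esac
}

# login_policy FILE: print "anonymous=<on|off> local=<on|off>".
# Defaults follow step 3: anonymous logins allowed, local logins not.
login_policy() {
    anon=$(is_on "$(effective_value "$1" anonymous_enable YES)")
    loc=$(is_on "$(effective_value "$1" local_enable NO)")
    printf 'anonymous=%s local=%s\n' "$anon" "$loc"
}

# Constructed sample: local_enable is still commented out, as before step 3.
sample=$(mktemp)
printf '%s\n' '# Uncomment this to allow local users to log in.' \
    '#local_enable=YES' 'anonymous_enable=YES' > "$sample"
echo "before edit: $(login_policy "$sample")"

# Constructed sample after uncommenting the option (the change step 3 asks for).
printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' > "$sample"
echo "after edit:  $(login_policy "$sample")"
rm -f "$sample"

# On a real host, point it at the live file and check the SELinux Boolean:
#   login_policy /etc/vsftpd/vsftpd.conf
#   getsebool ftp_home_dir
```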
      

Refer to:
redhat.com: File Transfer Protocol
redhat.com: FTP Servers
