This guide walks through the process of setting up a basic FTP server using vsftpd on a Linux system. The goal is to allow local users (u1, u2, etc.) to log in and access their own home directories securely.
Create two local user accounts (u1 and u2). These users will be used to test FTP access:
useradd u1
useradd u2
Set passwords for the new users:
passwd u1
passwd u2
⚠️ It's important that each user has a valid password to authenticate via FTP.
Edit the vsftpd configuration file:
vim /etc/vsftpd/vsftpd.conf
Example content for /etc/vsftpd/vsftpd.conf:
# Disallow anonymous logins
anonymous_enable=NO
# Enable local user login
local_enable=YES
# Allow FTP write commands (upload, delete, etc.)
write_enable=YES
# Set default permissions for uploaded files
local_umask=022
# Display directory-specific messages if any
dirmessage_enable=YES
# Enable logging of uploads/downloads
xferlog_enable=YES
# Originate active-mode (PORT) data connections from port 20
connect_from_port_20=YES
# Use standard FTP xferlog format
xferlog_std_format=YES
# Chroot local users into their home directories
chroot_local_user=YES
# Allow writeable chroot (otherwise vsftpd may reject writeable home dirs)
allow_writeable_chroot=YES
# Enable passive mode with defined port range
pasv_enable=YES
pasv_min_port=55000
pasv_max_port=55999
# PAM authentication service
pam_service_name=vsftpd
# Enable the user list (by default, users named in the list are denied login)
userlist_enable=YES
# Enable IPv6 listener (disable "listen=YES" if this is enabled)
listen=NO
listen_ipv6=YES
Save and exit the file after editing.
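A pre-restart check for the settings above, as an added example that is not part of the original guide. The function names (get_opt, audit_vsftpd_conf, guide_conf) are illustrative, the built-in defaults it falls back on are assumptions, and the firewall range defaults to the 55000-55999 range this guide opens in firewalld.

```shell
#!/bin/sh
# Added example, not from the original guide: lint vsftpd.conf before a restart.

# get_opt FILE KEY DEFAULT: print the last value assigned to KEY, else DEFAULT.
get_opt() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = substr($0, length(k) + 2) }
        END     { print (v == "" ? d : v) }' "$1"
}

# audit_vsftpd_conf FILE [FW_MIN FW_MAX]: one finding per line; status 1 if any.
# FW_MIN/FW_MAX default to the range opened in the guide's firewalld step.
# The DEFAULT given to opt_is is an assumed built-in default; check vsftpd.conf(5).
audit_vsftpd_conf() (
    f=$1; fw_min=${2:-55000}; fw_max=${3:-55999}; rc=0
    finding() { echo "$1"; rc=1; }
    opt_is() { [ "$(get_opt "$f" "$1" "$2")" = "$3" ]; }   # KEY DEFAULT WANTED

    # vsftpd.conf(5): no space is allowed between option, "=" and value.
    if grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$f"; then
        finding "FAIL: whitespace around '='"
    fi
    opt_is anonymous_enable YES NO  || finding "FAIL: anonymous_enable is not NO"
    opt_is local_enable NO YES      || finding "FAIL: local_enable is not YES"
    opt_is chroot_local_user NO YES || finding "FAIL: chroot_local_user is not YES"
    if opt_is allow_writeable_chroot NO YES; then
        finding "WARN: allow_writeable_chroot=YES disables the writable-root check"
    fi
    # A missing "listen" line is treated as YES (assumed worst case).
    if opt_is listen YES YES && opt_is listen_ipv6 NO YES; then
        finding "FAIL: listen and listen_ipv6 are both YES"
    fi
    lo=$(get_opt "$f" pasv_min_port 0); hi=$(get_opt "$f" pasv_max_port 0)
    if [ "$lo" -lt "$fw_min" ] || [ "$hi" -gt "$fw_max" ] || [ "$hi" -lt "$lo" ]; then
        finding "FAIL: pasv range $lo-$hi is not inside firewall range $fw_min-$fw_max"
    fi
    exit "$rc"
)

# The guide's settings, reproduced here so the example runs offline.
guide_conf() { printf '%s\n' anonymous_enable=NO local_enable=YES \
    chroot_local_user=YES allow_writeable_chroot=YES pasv_enable=YES \
    pasv_min_port=55000 pasv_max_port=55999 listen=NO listen_ipv6=YES; }

tmp=$(mktemp); guide_conf > "$tmp"
audit_vsftpd_conf "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

On a real host, call it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf, passing the firewall range as the second and third arguments if it differs.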
View the configured SELinux mode (this file sets the mode applied at boot):
cat /etc/sysconfig/selinux
Example output:
# SELinux status
SELINUX=disabled
SELINUXTYPE=targeted
If SELinux is enforcing, you may need to enable the boolean:
setsebool -P ftp_home_dir 1
Apply configuration changes by restarting the vsftpd service:
systemctl restart vsftpd.service
Check if the service is active:
systemctl status vsftpd.service
Enable it at boot:
systemctl enable vsftpd.service
Ensure that user directories exist and have correct permissions:
mkdir -p /home/u1 /home/u2
chown u1:u1 /home/u1
chown u2:u2 /home/u2
chmod 755 /home/u1 /home/u2
You can use chmod 700 if you want their home directories to be private.
If you're running a firewall (like firewalld), allow the passive port range:
firewall-cmd --permanent --add-port=55000-55999/tcp
firewall-cmd --reload
This ensures that FTP passive mode will work properly, especially behind NAT.
Test the FTP server using a client like the command-line ftp tool:
ftp 192.168.185.150
Example login:
Name (192.168.185.150:u1): u1
Password: 123
If the connection is successful, you will be placed in /home/u1 and have access to read/write files (based on permissions).
- Check authentication logs:
journalctl -xe | grep vsftpd
- Ensure the user is not listed in /etc/vsftpd/ftpusers (users in this file are denied FTP access).
- Passive ports might be blocked by a firewall.
- Ensure proper permissions on home directories.
- Ensure SELinux (if enabled) is not preventing access.
You can configure vsftpd to display a custom welcome message (banner) to users when they connect via FTP.
- Open the vsftpd configuration file:
nano /etc/vsftpd/vsftpd.conf
- Add or modify the following line at the end of the file:
ftpd_banner=Welcome to the Nikhil FTP server.
- Restart the vsftpd service to apply changes:
systemctl restart vsftpd.service
Connect to your FTP server using any FTP client (like the ftp command):
ftp 192.168.185.150
You should see your custom banner message before it prompts for the username. Example:
Connected to 192.168.185.150.
220 Welcome to the Nikhil FTP server.
Name (192.168.185.150:u1):
- Manual page:
man vsftpd
- Logs:
/var/log/vsftpd.log
/var/log/xferlog
/var/log/secure