FTP configuration in Linux

There are many different ways you can share files with users on your network. This capability is important because you don’t always want your users storing things locally on their desktop or laptop.
Should something happen to your end users’ systems, they would lose all their work…not to mention that it would cause a backup strategy nightmare. An easier solution for management and security would be to store all your files in a centralized location.
To transfer a file using the FTP protocol, a user must log in to an FTP server, which can be done with credentials or anonymously. When the user is connected, she can traverse the directory structure for any directory or file for which she has permissions.
If the protocol is not configured properly, this can leave your entire system open to attack and make it hard to track if the attack is done through an anonymous connection!
The second big issue with the FTP protocol is that when the user logs in with a username and password, they are passed over the network in clear-text, meaning that anyone listening can see them.
So, why use the FTP protocol at all? It’s easy to set up, and when used correctly, it’s highly effective for delivering files to end users.
Almost all major computer makers (HP, Dell, Apple) offer drivers for their systems over FTP, which allows for simple download by end users and organized structure on the back end for the drivers themselves.

Task 1  : Installing FTP Services

In RHEL6 and later versions,  we use the vsftpd package, which stands for Very Secure FTP Daemon.
This particular FTP server offers additional features that make it a more secure choice if you have to use FTP. As with all services that you’d like to offer to your network users, you need to make sure that the appropriate packages are installed. Here’s how.
Step 1. Grab the required package:

# yum install -y vsftpd

Step 2. When the installation is complete, verify it was installed successfully:

# rpm -qa | grep vsftpd
vsftpd-2.2.2-6.el6.x86_64

Step 3. Ensure that the service will start on system boot:

# chkconfig vsftpd on

Step 4. Verify the service starts on boot:

# chkconfig vsftpd –list
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Task 2: Configuring VSFTP in Linux

Step 1. Look at which options are available in the config file:

# grep -v ^# vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Step 2. Now let’s go over what each of these options can be used for:

anonymous_enable=YES

The default; sets security, although it should be changed to NO for better host-based security

local_enable=YES

Allows local users to log in

write_enable=YES

Enables users to write to directories

local_umask=022

Sets the umask for all uploaded files

dirmessage_enable=YES

Displays directory messages

xferlog_enable=YES

Logs all transfer activity to /var/log/xferlog

connect_from_port_20=YES

Forces port transfers to originate from port 20

xferlog_std_format=YES

Logs everything in standard transfer format

listen=YES

Allows the server to listen for connections

pam_service_name=vsftpd

Specifies the name used for the PAM service

userlist_enable=YES

Enables the service to consult user_list

tcp_wrappers=YES

Allows incoming requests based on the TCP Wrappers configuration
userlist_deny=YES
Enables users listed in user_list to log in via FTP.
These default settings for the vsftpd service allow you to get off the ground running with the FTP service.
At this point, any one of your system’s users is able to log in to the vsftpd service, but because the firewall is enabled by default, the connection will be denied.
Before you open the connection to your users, take some time to become familiar with the different options you can configure on your FTP server. The config file is heavily documented as to what each option does.