How to setup vsftpd FTP file Server on Redhat 7 Linux

Forward from: https://linuxconfig.org/how-to-setup-vsftpd-ftp-file-server-on-redhat-7-linux

How to setup vsftpd FTP file Server on Redhat 7 Linux

 

In this short config we will install FTP file Server on RHEL7 Linux using vsftpd. We will stick to the default vsftpd configuration which enables user accounts on our existing RHEL7 Linux system to login via FTP from a remote location, list and transfer files. Let's begin by the installation:

To install FTP server on Redhat 7 Linux we can use either tftp-server or vsftpd daemon. In this guide we use vsftpd:

[root@rhel7 ~]# yum install vsftpd

Next, we can start the vsftpd service by using a service command:

[root@rhel7 ~]# service vsftpd start
Redirecting to /bin/systemctl start  vsftpd.service

To make the FTP service startup persistent after system reboot use:

[root@rhel7 ~]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'

Check and see whether port 21 is open. Do not worry if you do not see IPv4 of this port open as its IPv6 bind.

[root@rhel7 ~]# netstat -tanp | grep LISTEN

We also need to open firewall port otherwise we will see a following error message when we try to connect:

ftp: connect: No route to host
ftp>

To open a port 21 on Redhat 7 linux use the following commands. The port we remain open to public even after system restart:

[root@rhel7 ~]# firewall-cmd --zone=public --add-port=21/tcp --permanent
success
[root@rhel7 ~]# firewall-cmd --reload
success

At this point we should be able to connect from a remote host where the IP address of our FTP service is 10.1.1.110:

$ ftp 10.1.1.110
Connected to 10.1.1.110 (10.1.1.110).
220 (vsFTPd 3.0.2)
Name (10.1.1.110:lrendek): rhel7
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

The next configuration we need to perform is to enable iptables module ip_conntrack_ftp otherwise we will see a following error message query our FTP server after successful login:

ftp> ls
227 Entering Passive Mode (10,1,1,110,166,190).
ftp: connect: No route to host
ftp>

As a temporary solution we use modprobe to load the ip_conntrack_ftp module:

[root@rhel7 ~]# modprobe ip_conntrack_ftp

See this page for a more permanent solution on how to load ip_conntrack_ftp module after reboot.

The last configuration we need to perform is to enable selinux FTP context for user directories currently on the system otherwise we will not be able to read/write or transfer any files between FTP server and FTP client:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put ftp-test.txt
local: ftp-test.txt remote: ftp-test.txt
227 Entering Passive Mode (10,1,1,110,125,139).
553 Could not create file.

To enable selinux FTP home directory context to allow read and write commands. For this we use setsebool command:

[root@rhel7 ~]# setsebool -P ftp_home_dir=1

The above will set selinux FTP home directory context permanently -P after reboot.

ftp> put ftp-test.txt
local: ftp-test.txt remote: ftp-test.txt
227 Entering Passive Mode (10,1,1,110,174,219).
150 Ok to send data.
226 Transfer complete.

Now you have your FTP server setup. For more configuration options see the main vsftpd FTP server configuration file/etc/vsftpd/vsftpd.conf. When making a changes to the configuration file make sure to apply them by restarting FTP service:

[root@rhel7 ~]# service vsftpd restart
Redirecting to /bin/systemctl restart  vsftpd.service