How To Configure FTP Server in RHEL6

7/23/2015
HowtoconfigureFTPserverinRHEL6
InthistutorialIwillconfigureFTPServeronRHEL6.FTPisthemostwidelyusedprotocolforfiletransfer.
AsalinuxAdministratoryoushouldknow
FTPstandforFileTransferProtocol.
FTPdoesnotrequiretologindirectlyintotheremotehost
FTPtransferdatawithoutencryption
vsftpdistheonlystandaloneFTPdistributedWithRHEL6
vsftpdstandforVerySecureFTPDaemon
vsftpdissecure,fastandstableversionofFTP
vsftpdefficientlyhandlelargenumbersofconnectionsecurely
YoushoulduseSFTPinsteadofFTPwhiletransferringdataoverpublicnetworklikeInternet
RHCEExamObjectivecoveredinthistutorial
Configureanonymousonlydownload.
InthistutorialIwillusetwosystemsServerandlinuxclientfromourLABenvironment.IwillconfigureFTPServer
onServersystemandftpclientonlinuxclientsystem.Ifyouwanttocheckthenetworktopologyusedinthisarticle
pleasecheckfollowingarticle.LabsetupforRHCE6practice.
PrepareLABforFTPpractice
ConfigureFTPServeronRHEL6
vsftpdpackageisrequiredforFTPServer.Checkwhetherpackageisinstalledornot.Ifpackageismissinginstallit
first.
Configurevsftpdservicetostartatboot
Currentstatusofvsftpdservicemustberunning.Startifitisstopped.Restartvsftpdservicewheneveryoumade
anychangeinconfigurationfile.
FTPServerisbydefaultconfiguredtolistenonport21.Port21mustbeopenedifyouhaveconfiguredfirewall.The
configurationofafirewallforanFTPserverisarelativelysimpleprocess.
#iptablesAINPUTmstatestateNEWmtcpptcpdport21jACCEPT
Create2normaluseraccountsfortesting.Createanormaluser
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
1/9
7/23/2015
createanothernormaluser
That'sallconfigureweneedonserverrightnow.
ConfigureFTPclientonRHEL6
FromRHELversion6youwillnotbeabletorunftpcommand.Bydefaultyouwillgetfollowingerror
bash:ftp:commandnotfounderror
Torunftpcommandftppackageisrequired.Installitifitisnotinstalled.
CheckconnectivitywithFTPServer.
Nowtryagaintorunftpcommand
WehavesuccessfullyconnectedwithFTPserver.
LABExercises
2/9
7/23/2015
Configureanonymousonlydownload[RHCE6examobjective]
ConfigureFTPservertoallowanonymousaccess,chrootedto/var/ftp
ConfigureFTPServertoalllocalusersexceptuservikramtoftpinserver
Download/uploadmustbeallowedfortheseusersandtheusersmustbechrootedontheirhomedirectory
Configureanonymousonlydownload[RHCE6examobjective]
GoonServersystemandopenmainftpconfigurationfile/etc/vsftpd/vsftpd.conf
vsftpd.confisthemainconfigurationfileofFTPserveranditcontainslotofdirectives.Configurationofan
anonymousonlydownloadisrelativelysimple.Defaultconfigurationofvsftpd.confalreadysupportsanonymousonly
download.Butitalsosupportsaccessfromlocalusers.Allyouneedtodoisdisablethedirectivewhichallowslocally
configureduserstologinwiththeiraccounts.
Commentfollowingdirectivesandsavethefile
Restartthevsftpdservice
WhenauserconnectsontheFTPserverwithanonymoususername,actuallythatuserconnectsontheserverasa
usernamedftp.RHEL6automaticallycreatethisaccountwithfollowingsetting.
ftp:x:14:50:FTPUser:/var/ftp:/sbin/nologin
Withthesesettingusersarenotallowedtologinastheusernamedftp.Sotheyneedtouseanonymousasuser
name.Sowheneverananonymoususerloggedin,heistakentoftpuser'shomedirectory/var/ftp.Soifyouwant
tochangethedefaultdirectoryassociatedwithanonymouslogins,changethehomedirectoryassociatedwiththe
localusernamedftp.Createafileontherootoftheftpdirectory/var/ftp/pub.Thisfilewillbedownloadedby
anonymoususer.
#ddif=/dev/nullof=/var/ftp/pub/filebs=1024count=1000
IfyouarerunningLinuxwithoutSELinuxthat'sallsettingwhichweneedforthisexercise.SELinuxislistedin
RHCE6examobjective.SoifyouhaveconfiguredSELinux,alsoconfigurefollowingbooleanoption.
#chconRtpublic_content_t/var/ftp/pub/
Inthisexerciseweareaskedtoconfigureanonymousdownloadonly.Soweshouldbe
Abletodownloadanonymous
Failtoupload
Failtologinformotheraccountexceptanonymous
GoonlinuxclientsystemandlogintotheFTPserverasanonymoususeranddownloadtest_file
3/9
7/23/2015
Mostcommonlycommandsusedonftppromptare
putTouploadfilesonserver
getTodownloadfilesfromserver
mputTouploadallfiles
mgetTodownloadallfiles
?Toseeallavailablecommandonftpprompts
cdTochangeremotedirectory
lcdTochangelocaldirectory.
Createasamplefile
Loginfromanonymousagainandtrytoupload
Trytologinformnormaluser
4/9
7/23/2015
Restrictanonymoususertoftpdirectory.
Totestthisloginformanonymoususeragain
Trytochangeparentdirectory
ConfigureFTPServertoalllocalusersexceptuservikramtoftpinserver
FTPnonanonymousserver
InthisexercisewewillconfigureFTPserverthatallowlocalusersloginstotheirhomedirectories.Download/upload
mustbeallowedfortheseusers.Goonserversystemandopen/etc/vsftpd/vsftpd.conffile
Commentanonymous_login=YES,uncommentlocal_enableandsavethefile
5/9
7/23/2015
open/etc/vsftpd/user_listfile
Userslistedon/etc/vsftpd/user_listarenotallowedtologinonFTPserver.Adduservikarminit.Thisfilealso
haveanentryforrootuserthatwhyrootuserisdeniedfromFTPlogin.Ifyouwanttoenablerootuserforftp
sessionjustremoveitsentryfromthisfile[EnablerootforFTPsessionisnotrecommendedinanycircumstances,
changeatyourownrisk].
ConfigureSELinuxtoallowupload/downloadinuser'shomedirectory
Restartthevsftpdservice
Loginfromnormalusersanjayandcreateaexample_file
Comebackonlinuxclientsystemandtrytologinfromuservikram
6/9
7/23/2015
Nowtrytologinfromusersanjay
upload/downloadfile
Loginagainfromnormaluserandtrytochangeparentdirectory
7/9
7/23/2015
Itallowsyoutonavigatethe/directorywhichserioussecurityissue.
ConfigureFTPtochrootlocalusersintheirhomedirectory
Goonserverandopen/etc/vsftpd/vsftpd.conffile
Uncommentfollowingdirectiveandsavethefile
chroot_local_user=YES
Restartthevsftpdrestart
Comebackonlinuxclientsystemandloginformsanjayandtryagaintochangedirectoryto/
Nownormaluserwillnotbeabletonavigateoutsidethehomedirectory.
8/9
7/23/2015
Importantdirectivesofvsftpd.conf
anonymous_enable=YES
Enableanonymouslogin
local_enable=YES
Enablelocalusersloginwiththeirregularpassword
chroot_local_user=YES
Usersarerestrictedintheirhomedirectory
write_enable=YES
EnableswriteoperationsonFTP
local_umask=022
Ifwriteisenabledpermissionswillbebasedonthevalueofumask
#anon_upload_enable=YES
Enableanonymoususertouploadfile
#anon_mkdir_write_enable=YES
Allowanonymoususerstocreatedirectories
ftpd_banner=WelcometoblahFTPservice
SetFTPbanner
pam_service_name=vsftpd
ConfiguresPluggableAuthenticationModules(PAM)securityforFTP
userlist_enable=YES
blockuserslistedin/etc/vsftpd/user_list
tcp_wrappers=YES
Supportstheuseofsecuritycommandsin/etc/hosts.allowand/etc/hosts.denythroughtcpwrappers
SElinuxbooleanassociatedwithvsftpddaemons
TherearefiveSElinuxbooleanassociatedwithvsftpddaemons
#setseboolallow_ftpd_full_access1
vsftpddaemonswillrunonaSElinuxcontextwithoutanyrestriction
#setseboolallow_ftpd_anon_write1
Supportsthewritingoffilestodirectoriesconfiguredwiththepublic_content_rw_tSELinuxsetting
#setseboolallow_ftpd_use_cifs1
AllowstheuseoffilessharedviaCIFSonanFTPserver
#setseboolallow_ftpd_use_nfs1
AllowstheuseoffilessharedviaNFSonanFTPserver
#setseboolftp_home_directory1
SupportsFTPread/writeaccesstouserhomedirectories
#chconRtpublic_content_t/var/ftp/pub/
AnydirectorythatisgoingtobeusedonreadFTPoperationsitmustbelabelledaspublic_content_rw_t
#chconRtpublic_content_rw_t/var/pub/ftp
AnydirectorythatisgoingtobeusedonreadwriteFTPoperationsitmustbelabelledaspublic_content_rw_t
MoreRelatedArticlesForYou
IPaddress
HowtoassignIPaddressinLinux
Networkingtools
NetworkConfigurationFiles
NetworksetupinRHCE6
HowtoconfigureTelnetServerinRHEL6
HowtoconfigureSSHServerinRHEL6
HowtoconfigureYUMServerinRHEL6
HowtoconfigureSambaonRHEL6
HowtoconfigureNFSServerinRHEL6
Howtoconfigureapacheserverinlinux
WrittenbyAdmin
9/9

How To Configure FTP Server in RHEL6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Configure FTP Server in RHEL6

Uploaded by

Copyright:

Available Formats

7/23/2015

You might also like