Professional Documents
Culture Documents
HowtoconfigureFTPserverinRHEL6
HowtoconfigureFTPserverinRHEL6
InthistutorialIwillconfigureFTPServeronRHEL6.FTPisthemostwidelyusedprotocolforfiletransfer.
AsalinuxAdministratoryoushouldknow
FTPstandforFileTransferProtocol.
FTPdoesnotrequiretologindirectlyintotheremotehost
FTPtransferdatawithoutencryption
vsftpdistheonlystandaloneFTPdistributedWithRHEL6
vsftpdstandforVerySecureFTPDaemon
vsftpdissecure,fastandstableversionofFTP
vsftpdefficientlyhandlelargenumbersofconnectionsecurely
YoushoulduseSFTPinsteadofFTPwhiletransferringdataoverpublicnetworklikeInternet
RHCEExamObjectivecoveredinthistutorial
Configureanonymousonlydownload.
InthistutorialIwillusetwosystemsServerandlinuxclientfromourLABenvironment.IwillconfigureFTPServer
onServersystemandftpclientonlinuxclientsystem.Ifyouwanttocheckthenetworktopologyusedinthisarticle
pleasecheckfollowingarticle.LabsetupforRHCE6practice.
PrepareLABforFTPpractice
ConfigureFTPServeronRHEL6
vsftpdpackageisrequiredforFTPServer.Checkwhetherpackageisinstalledornot.Ifpackageismissinginstallit
first.
Configurevsftpdservicetostartatboot
Currentstatusofvsftpdservicemustberunning.Startifitisstopped.Restartvsftpdservicewheneveryoumade
anychangeinconfigurationfile.
FTPServerisbydefaultconfiguredtolistenonport21.Port21mustbeopenedifyouhaveconfiguredfirewall.The
configurationofafirewallforanFTPserverisarelativelysimpleprocess.
#iptablesAINPUTmstatestateNEWmtcpptcpdport21jACCEPT
Create2normaluseraccountsfortesting.Createanormaluser
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
1/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
createanothernormaluser
That'sallconfigureweneedonserverrightnow.
ConfigureFTPclientonRHEL6
FromRHELversion6youwillnotbeabletorunftpcommand.Bydefaultyouwillgetfollowingerror
bash:ftp:commandnotfounderror
Torunftpcommandftppackageisrequired.Installitifitisnotinstalled.
CheckconnectivitywithFTPServer.
Nowtryagaintorunftpcommand
WehavesuccessfullyconnectedwithFTPserver.
LABExercises
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
2/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Configureanonymousonlydownload[RHCE6examobjective]
ConfigureFTPservertoallowanonymousaccess,chrootedto/var/ftp
ConfigureFTPServertoalllocalusersexceptuservikramtoftpinserver
Download/uploadmustbeallowedfortheseusersandtheusersmustbechrootedontheirhomedirectory
Configureanonymousonlydownload[RHCE6examobjective]
GoonServersystemandopenmainftpconfigurationfile/etc/vsftpd/vsftpd.conf
vsftpd.confisthemainconfigurationfileofFTPserveranditcontainslotofdirectives.Configurationofan
anonymousonlydownloadisrelativelysimple.Defaultconfigurationofvsftpd.confalreadysupportsanonymousonly
download.Butitalsosupportsaccessfromlocalusers.Allyouneedtodoisdisablethedirectivewhichallowslocally
configureduserstologinwiththeiraccounts.
Commentfollowingdirectivesandsavethefile
Restartthevsftpdservice
WhenauserconnectsontheFTPserverwithanonymoususername,actuallythatuserconnectsontheserverasa
usernamedftp.RHEL6automaticallycreatethisaccountwithfollowingsetting.
ftp:x:14:50:FTPUser:/var/ftp:/sbin/nologin
Withthesesettingusersarenotallowedtologinastheusernamedftp.Sotheyneedtouseanonymousasuser
name.Sowheneverananonymoususerloggedin,heistakentoftpuser'shomedirectory/var/ftp.Soifyouwant
tochangethedefaultdirectoryassociatedwithanonymouslogins,changethehomedirectoryassociatedwiththe
localusernamedftp.Createafileontherootoftheftpdirectory/var/ftp/pub.Thisfilewillbedownloadedby
anonymoususer.
#ddif=/dev/nullof=/var/ftp/pub/filebs=1024count=1000
IfyouarerunningLinuxwithoutSELinuxthat'sallsettingwhichweneedforthisexercise.SELinuxislistedin
RHCE6examobjective.SoifyouhaveconfiguredSELinux,alsoconfigurefollowingbooleanoption.
#chconRtpublic_content_t/var/ftp/pub/
Inthisexerciseweareaskedtoconfigureanonymousdownloadonly.Soweshouldbe
Abletodownloadanonymous
Failtoupload
Failtologinformotheraccountexceptanonymous
GoonlinuxclientsystemandlogintotheFTPserverasanonymoususeranddownloadtest_file
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
3/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Mostcommonlycommandsusedonftppromptare
putTouploadfilesonserver
getTodownloadfilesfromserver
mputTouploadallfiles
mgetTodownloadallfiles
?Toseeallavailablecommandonftpprompts
cdTochangeremotedirectory
lcdTochangelocaldirectory.
Createasamplefile
Loginfromanonymousagainandtrytoupload
Trytologinformnormaluser
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
4/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Restrictanonymoususertoftpdirectory.
Totestthisloginformanonymoususeragain
Trytochangeparentdirectory
ConfigureFTPServertoalllocalusersexceptuservikramtoftpinserver
FTPnonanonymousserver
InthisexercisewewillconfigureFTPserverthatallowlocalusersloginstotheirhomedirectories.Download/upload
mustbeallowedfortheseusers.Goonserversystemandopen/etc/vsftpd/vsftpd.conffile
Commentanonymous_login=YES,uncommentlocal_enableandsavethefile
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
5/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
open/etc/vsftpd/user_listfile
Userslistedon/etc/vsftpd/user_listarenotallowedtologinonFTPserver.Adduservikarminit.Thisfilealso
haveanentryforrootuserthatwhyrootuserisdeniedfromFTPlogin.Ifyouwanttoenablerootuserforftp
sessionjustremoveitsentryfromthisfile[EnablerootforFTPsessionisnotrecommendedinanycircumstances,
changeatyourownrisk].
ConfigureSELinuxtoallowupload/downloadinuser'shomedirectory
Restartthevsftpdservice
Loginfromnormalusersanjayandcreateaexample_file
Comebackonlinuxclientsystemandtrytologinfromuservikram
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
6/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Nowtrytologinfromusersanjay
upload/downloadfile
Loginagainfromnormaluserandtrytochangeparentdirectory
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
7/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Itallowsyoutonavigatethe/directorywhichserioussecurityissue.
ConfigureFTPtochrootlocalusersintheirhomedirectory
Goonserverandopen/etc/vsftpd/vsftpd.conffile
Uncommentfollowingdirectiveandsavethefile
chroot_local_user=YES
Restartthevsftpdrestart
Comebackonlinuxclientsystemandloginformsanjayandtryagaintochangedirectoryto/
Nownormaluserwillnotbeabletonavigateoutsidethehomedirectory.
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
8/9
7/23/2015
HowtoconfigureFTPserverinRHEL6
Importantdirectivesofvsftpd.conf
anonymous_enable=YES
Enableanonymouslogin
local_enable=YES
Enablelocalusersloginwiththeirregularpassword
chroot_local_user=YES
Usersarerestrictedintheirhomedirectory
write_enable=YES
EnableswriteoperationsonFTP
local_umask=022
Ifwriteisenabledpermissionswillbebasedonthevalueofumask
#anon_upload_enable=YES
Enableanonymoususertouploadfile
#anon_mkdir_write_enable=YES
Allowanonymoususerstocreatedirectories
ftpd_banner=WelcometoblahFTPservice
SetFTPbanner
pam_service_name=vsftpd
ConfiguresPluggableAuthenticationModules(PAM)securityforFTP
userlist_enable=YES
blockuserslistedin/etc/vsftpd/user_list
tcp_wrappers=YES
Supportstheuseofsecuritycommandsin/etc/hosts.allowand/etc/hosts.denythroughtcpwrappers
SElinuxbooleanassociatedwithvsftpddaemons
TherearefiveSElinuxbooleanassociatedwithvsftpddaemons
#setseboolallow_ftpd_full_access1
vsftpddaemonswillrunonaSElinuxcontextwithoutanyrestriction
#setseboolallow_ftpd_anon_write1
Supportsthewritingoffilestodirectoriesconfiguredwiththepublic_content_rw_tSELinuxsetting
#setseboolallow_ftpd_use_cifs1
AllowstheuseoffilessharedviaCIFSonanFTPserver
#setseboolallow_ftpd_use_nfs1
AllowstheuseoffilessharedviaNFSonanFTPserver
#setseboolftp_home_directory1
SupportsFTPread/writeaccesstouserhomedirectories
#chconRtpublic_content_t/var/ftp/pub/
AnydirectorythatisgoingtobeusedonreadFTPoperationsitmustbelabelledaspublic_content_rw_t
#chconRtpublic_content_rw_t/var/pub/ftp
AnydirectorythatisgoingtobeusedonreadwriteFTPoperationsitmustbelabelledaspublic_content_rw_t
MoreRelatedArticlesForYou
IPaddress
HowtoassignIPaddressinLinux
Networkingtools
NetworkConfigurationFiles
NetworksetupinRHCE6
HowtoconfigureTelnetServerinRHEL6
HowtoconfigureSSHServerinRHEL6
HowtoconfigureFTPserverinRHEL6
HowtoconfigureYUMServerinRHEL6
HowtoconfigureSambaonRHEL6
HowtoconfigureNFSServerinRHEL6
Howtoconfigureapacheserverinlinux
WrittenbyAdmin
http://computernetworkingnotes.com/networkadministration/howtoconfigureftpserverinrhel6/print.html
9/9