vsftpd
Tue, Jan 12, 2016
We have installed vsftpd on a few of our servers to allow users to securely connect to upload or retrieve files.
The users are all chroot’d - they cannot cd out of their home directory.
Our procedure for configuring the server, vsftpd and the users to allow this follows.
- Install vsftpd
Simple as: yum install vsftpd (or apt-get if you are using a different Linux flavour).
- Create user account
# Optionally, create a specific group for these users
groupadd sftp

# Create user account (replace the placeholder with the account name)
sftpUser="<your-user-name>"
useradd -M -g sftp -s /bin/bash -c "SFTP User" "${sftpUser}"
passwd "${sftpUser}"

# Home dir has to be owned by root with no write access for user
mkdir "/home/${sftpUser}"
chown root:root "/home/${sftpUser}"
chmod 755 "/home/${sftpUser}"
usermod --home /sftp-home "${sftpUser}"
- Configure vsftpd
The following settings work for me:
anonymous_enable=NO
local_enable=YES
write_enable=YES
idle_session_timeout=600
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
chmod_enable=YES
allow_writeable_chroot=YES
Restart the vsftpd service to enable the changes.
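A way to check a config like the one above before restarting, as an added example that is not part of the original post: a small shell audit of the anonymous-login, chroot and TLS options. The function names and sample input are constructed, and `chroot_list_enable` and `ssl_enable` are vsftpd options that the post does not set.

```shell
#!/bin/sh
# Added example, not from the original post: audit vsftpd.conf text for the
# login, chroot and TLS options. Names and sample input are constructed.

# Constructed sample: a subset of the settings listed in the post.
SAMPLE_CONF='anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES'

# conf_get KEY DEFAULT: print KEY's boolean value from config text on stdin.
# Lines are "option=value" with no spaces around "="; "#" starts a comment.
# A repeated key takes its last value here (assumption).
conf_get() {
    awk -F= -v k="$1" -v d="$2" '
        /^#/ || NF < 2 { next }
        $1 == k { v = substr($0, length(k) + 2); seen = 1 }
        END {
            v = toupper(seen ? v : d)   # vsftpd accepts YES/TRUE/1, NO/FALSE/0
            if (v == "TRUE" || v == "1") v = "YES"
            if (v == "FALSE" || v == "0") v = "NO"
            print v
        }'
}

# audit_conf: read config text on stdin, print one finding per line.
# The second argument to get is vsftpd's built-in default for that option.
audit_conf() {
    conf=$(cat)
    get() { printf '%s\n' "$conf" | conf_get "$1" "$2"; }
    [ "$(get anonymous_enable YES)" = NO ] ||
        echo "FAIL anonymous_enable: anonymous logins are allowed"
    [ "$(get chroot_local_user NO)" = YES ] ||
        echo "FAIL chroot_local_user: local users are not jailed in their home"
    [ "$(get chroot_list_enable NO)" != YES ] ||
        echo "WARN chroot_list_enable: chroot_list_file inverts the jail for listed users"
    [ "$(get allow_writeable_chroot NO)" != YES ] ||
        echo "WARN allow_writeable_chroot: writable chroot root check is off"
    [ "$(get ssl_enable NO)" = YES ] ||
        echo "WARN ssl_enable: no TLS, logins and files travel in cleartext"
    return 0
}

# Run on the sample; for a real file: audit_conf < /path/to/vsftpd.conf
printf '%s\n' "$SAMPLE_CONF" | audit_conf
```

On the sample it prints the two WARN lines for `allow_writeable_chroot` and `ssl_enable`; a config with no findings prints nothing.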
- Configure SELinux
We did initially experience a persistent problem where users were connecting but then getting a “550 Failed to change directory” error.
This would typically be caused by SELinux but that was disabled on our servers, i.e. this is the relevant line from /etc/selinux/config: SELINUX=disabled
After some head scratching we realised that even with SELinux disabled we still had to set SELinux to permissive mode by running setenforce 0 or setenforce Permissive.
All done.