edit-icon download-icon

Build an FTP site on a Linux ECS instance

Last Updated: Jul 26, 2018

This article describes how to build an FTP site on a Linux ECS instance.

vsftpd is a light, safe, and easy-to-use FTP server for Linux. It is the most popular FTP server across all Linux versions. This article describes how to install vsftpd on a Linux ECS instance running CentOS 7.2 x64.

Step 1. Install vsftpd

  1. Connect to a Linux instance.

  2. Run the following command to install vsftpd.

    1. yum install -y vsftpd
  3. Run the following command to open and view etc/vsftpd.

    1. cd /etc/vsftpd
    2. ls

    Note:

    • /etc/vsftpd/vsftpd.conf is the core configuration file.
    • /etc/vsftpd/ftpusers is the blacklist. Users on the blacklist are prevented from accessing the FTP server.
    • /etc/vsftpd/user_list is the whitelist. Only the users on the whitelist are allowed to access the FTP server.
  4. Run the following command to set vsftpd to automatically start on startup.

    1. systemctl enable vsftpd.service
  5. Run the following command to start the FTP service.

    1. systemctl start vsftpd.service
  6. Run the following command to view the FTP service port.

    1. netstat -antup | grep ftp

Step 2. Configure vsftpd

After vsftpd is installed, the anonymous FTP function is enabled by default. Using the anonymous FTP function, users can log on to the FTP server without the username and password, but do not have the permission to modify or upload files.

This section describes the following vsftpd configuration methods and the corresponding parameter descriptions for your reference.

Grant the file upload permission to anonymous users

You can grant more permissions to anonymous users by modifying the options in the vsftpd.conf configuration file.

  1. Follow these steps to modify /etc/vsftpd/vsftpd.conf.

    1. Run vim /etc/vsftpd/vsftpd.conf.
    2. Press the i key to enter Edit mode.
    3. Set write_enable=YES.
    4. Set anon_upload_enable=YES.
    5. Press the Esc key and then type :wq to save and close the file.
  2. Run the following command to change the permissions of the /var/ftp/pub directory, grant write permissions to the FTP users, and reload the configuration file.

    1. chmod o+w /var/ftp/pub/
    2. systemctl restart vsftpd.service

Configure local user logon

Local user logon refers to a user logging on to the FTP server by using the username and password for the Linux operation system. After vsftpd is installed, only anonymous FTP logon is supported. If you attempt to log on to the FTP server with the Linux username, your access to vsftp will be denied. However, you can adjust the vsftpd configuration to allow logon with a username and password. Follow these steps:

  1. Run the following command to create the ftptest user.

    1. useradd ftptest
  2. Run the following command to modify the password for the ftptest user.

    1. passwd ftptest
  3. Follow these steps to modify /etc/vsftpd/vsftpd.conf:

    1. Run vim /etc/vsftpd/vsftpd.conf.
    2. Press the i key to enter edit mode.
    3. Set anonymous enable=NO.
    4. Set local_enable=YES.
    5. Press the Esc key and then type :wq to save and close the file.
  4. Run the following command to reload the configuration file.

    1. systemctl restart vsftpd.service

Introduction to vsftpd.conf parameters

Run cat /etc/vsftpd/vsftpd.conf to view content in the configuration file.

The following table lists all the parameters related to user logon control.

Parameters Description
anonymous_enable=YES Allows anonymous logon
no_anon_password=YES Anonymous users are not prompted for a password when logging on
anon_root=(none) Root directory for anonymous users
local_enable=YES Allows local user logon
local_root=(none) Root directory for local user

The following table lists all the parameters related to user permission control.

Parameters Descriptions
write_enable=YES Allows file upload (global control)
local_umask=022 Umask for the local user to upload files
file_open_mode=0666 Uses umask for file upload permission
anon_upload_enable=NO Allows anonymous users to upload files
anon_mkdir_write_enable=NO Allows anonymous users to create directories
anon_other_write_enable=NO Allows anonymous users to modify and delete files and directories
chown_username=lightwiter Username for anonymously uploaded files

Step 3. Configure a security group

After building the FTP site, you must add a rule to open the FTP port. For more information, see Add a security group rule.

Step 4. Test

On your local computer, access the FTP site by using ftp://public IP address:FTP port (the default port 21 is used if you do not enter the port). For example, ftp://0.0.0.0:20. You are prompted for your username and password if the configuration was successful. After entering the username and password correctly, you can perform the relevant FTP file operations according to your permissions.

Note: If you use this method to access the FTP site from the client, you must adjust the Internet Explorer settings to open FTP folders. Open Internet Explorer, and then select Tools > Internet Options > Advanced. Select Enable folder view for FTP sites, and then clear Use Passive FTP.

What to do next

You can take actions to improve your FTP service security. For more information, see FTP anonymous logon and weak password vulnerabilities.

Thank you! We've received your feedback.