4.3.8. Installing and configuring ProFTPd

To connect to the server using FTP it is necessary to install and configure a special software on the server - an FTP server. One of the most popular and convenient FTP-servers - ProFTPd.

Installing

Connect to the server by SSH or VNC, install ProFTPd and edit config files. The procedure depends on the OS you are using.

  1. Install the EPEL repository:
    yum install epel-release
  2. Install ProFTPd:
    yum install proftpd
  3. Open ports to work FTP:
    firewall-cmd --permanent --add-port=20-21/tcp
firewall-cmd --permanent --add-port=40900-40999/tcp 
firewall-cmd --reload
  4. Set ProFTPd to start at system startup and run it:
    systemctl enable proftpd
systemctl start proftpd
  5. Change configuration file ProFTPd.
  6. You can add a user with the command:
    useradd example -d /var/www -s /sbin/nologin
passwd example

    Enter the required data:

    • Instead example provide username FTP-user.
    • Instead /var/www specify home directory FTP-user.
    • After execution passwd example you will need to enter your password twice FTP-user.
  1. Install ProFTPd:
    apt-get install proftpd
  2. Change configuration file ProFTPd.
  3. Run the command:
    echo "/bin/false" >> /etc/shells
  4. Add a user for access by FTP:
    adduser --home /home/example --shell /bin/false example

    Instead of a directory /home/example as the home directory, you can specify the directory /var/www.

    1. After adding a user, you need to assign him rights to edit files located in certain directories. It is best to restrict access to site files only by running the command:
      chown example -R /var/www
      • example — specify the user created earlier.
      • /var/www — specify the directory for which the access rights are changed. Note It is worth specifying the directory where the site files are located in order to be able to edit them (by default, this is /var/www).
  1. Install ProFTPd:
    emerge --ask net-ftp/proftpd
  2. Copy the config file if it doesn't exist using the command:
    cp /etc/proftpd/proftpd.conf.distrib /etc/proftpd/proftpd.conf
  3. Change configuration file ProFTPd.
  4. Set ProFTPd to start at system startup and run it:
    1. For OpenRC, you need to do:
      rc-update add proftpd default 
rc-service proftpd start
    2. For systemd:
      systemctl enable proftpd
systemctl start proftpd
  5. Add a user for access by FTP using the command:
    adduser --home /home/example --shell /bin/false example

    Instead of a directory /home/example as the home directory, you can specify the directory /var/www.

    1. After adding a user, you need to assign him rights to edit files located in certain directories. It is best to restrict access to site files only by running the command:
      chown example -R /var/www
      • example — specify the user created earlier.
      • /var/www — specify the directory for which the access rights are changed. Note It is worth specifying the directory where the site files are located in order to be able to edit them (by default, this is /var/www).
  1. Install ProFTPd:
    dnf -y install proftpd
  2. Change the ProFTPd configuration file (unlike other operating systems, it is located in /etc/proftpd.conf). At the end of the file add the line:
    PassivePorts 21000 21020
  3. Set ProFTPd to start at system startup and run it:
    systemctl enable proftpd
systemctl start proftpd
  4. Configure SElinux (if present) and firewall:
    setsebool -P ftp_home_dir=1
setsebool -P allow_ftpd_full_access=1
# Firewall settings
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --add-port=21000-21020/tcp --permanent
firewall-cmd --reload
  5. Create a user:
    useradd example -d /var/www -s /sbin/nologin
passwd example

    Enter the required data:

    • Instead example provide a username.
    • Instead /var/www specify the home directory.
    • After execution passwd example you will need to enter the password for the user twice.

Customization

  1. Edit the ProFTPd config file:
    nano /etc/proftpd/proftpd.conf

    Change the lines:

    • ServerName — specify the server name.
    • ServerType — specify the launch mode:
      • standalone — automatic start at system startup (default mode).
      • inetd — exclusively manual start.
    • # DefaultRoot — remove the symbol # at the beginning of the line. This parameter specifies access to the default directory. To determine the default access to the user's directory, you need to specify the value ~.
    • Add the line UseReverseDNS off before the line # Use this to jail all users in their homes (default line 34).
    • Check the configuration file for correctness after saving by running:
      proftpd -t
  2. Restart ProFTPd:
    /etc/init.d/proftpd restart
Content