DESCRIPTION :

This will be a VSFTPD server using CentOS 6.5. Each user will be chrooted to his/her own directory inside /home. As usual, the software / hardware RAID setup is up to the user.

STEP 1 - Install, disable iptables / SELinux, upgrade system, install VSFTPD

First, download the CentOS 6.5 ISO (x86 or x64) from the CentOS website and install the Base system. Partitioning and software or hardware RAID are up to the user; for our current setup it is highly recommended that /home is on a separate partition. In this example the hostname is vsftpd.home.lan and the IP address is 192.168.186.200.

Type into console to disable iptables / ip6tables at boot and open the SELinux config :

chkconfig iptables off
chkconfig ip6tables off
vi /etc/selinux/config

Press i, look for the SELINUX= line and change it to SELINUX=disabled. Once you are done editing press ESC, then type :wq and press ENTER.

Type into console :

reboot

Once the system is rebooted, type this into console :

yum upgrade

Finally we install VSFTPD, type this into console :

yum install vsftpd

 

STEP 2 - VSFTPD Configuration

 

Now we edit /etc/vsftpd/vsftpd.conf to look like this :

local_umask=011
# lock_upload_files=NO is good if you want to simultaneously read write a file
#lock_upload_files=NO

chown_uploads=NO
xferlog_enable=YES
# idle_session_timeout is set again below; vsftpd applies settings in file order, so 900 is the effective value
idle_session_timeout=600
ascii_upload_enable=NO
ascii_download_enable=NO
background=YES
listen=YES
ls_recurse_enable=NO
# lock every local user into his/her home directory
chroot_local_user=YES
write_enable=YES

# no anonymous access of any kind
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO

# users listed in the userlist file are denied login
userlist_enable=YES
userlist_deny=YES
local_enable=YES
pam_service_name=vsftpd

# 650kbyte/s ~
local_max_rate=650000

accept_timeout=180
connect_timeout=180
data_connection_timeout=900
idle_session_timeout=900

use_localtime=YES
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
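
The checks below are an added example, not part of the original guide: a small shell function that lints a vsftpd.conf for mistakes that are easy to make when typing this file (whitespace around =, a comment on the same line as a value, an option set twice) and confirms the two options whose built-in defaults would undo this setup. The function names, the sample file and the choice of checks are assumptions of the example.

```shell
#!/bin/bash
# Added example (not from the original guide): lint a vsftpd.conf.
# Usage: lint_vsftpd_conf /etc/vsftpd/vsftpd.conf   (or "-" to read stdin)
lint_vsftpd_conf() {
    awk '
    BEGIN {
        # Options whose built-in defaults (anonymous on, chroot off) would
        # undo this setup if the line went missing.
        want["anonymous_enable"] = "NO"
        want["chroot_local_user"] = "YES"
    }
    /^[ \t]*$/ || /^#/ { next }          # blank lines and whole-line comments
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not option=value\n", NR; bad++; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
            printf "line %d: whitespace around = (%s)\n", NR, $0; bad++
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
        }
        if (val ~ /#/) {
            printf "line %d: text after the value of %s; move the comment to its own line\n", NR, key; bad++
        }
        if (key in seen) {
            printf "line %d: %s already set on line %d\n", NR, key, seen[key]; bad++
        }
        seen[key] = NR; got[key] = val
    }
    END {
        for (k in want)
            if (!(k in got) || got[k] != want[k]) {
                printf "%s should be %s (found: %s)\n", k, want[k], (k in got) ? got[k] : "unset"; bad++
            }
        exit (bad > 0)
    }' "${1:--}"
}

# Constructed sample with three mistakes of the kinds listed above.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
idle_session_timeout=600
local_max_rate=650000  # 650kbyte/s ~
userlist_enable = YES
idle_session_timeout=900
EOF
}

sample_conf | lint_vsftpd_conf - || true
```

The function exits non-zero when it prints any finding, so it can gate a service restart after the file is edited.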

 

Next we make sure VSFTPD always starts, type the following command into terminal :

chkconfig vsftpd on

 

STEP 3 - Adding Users to VSFTPD

 

We should add all FTP users to the local system with login disabled. Enter this into terminal for the sample user robert :

useradd -s /sbin/nologin robert
passwd robert

Now we can log in to FTP with robert and the specified password, but the same user cannot log in locally to this system. Also note robert is only able to see his/her own directory.

 

STEP 4 - Setting Quota for users

 

We need to alter /etc/fstab to look like this for our /home mount :

UUID=xxxx-xxxx-xxxx-xxxx-xxxx /home ext4 defaults,usrquota,grpquota 1 2

NOTE : we only added usrquota,grpquota here, everything else is left as is; your UUID will be different. Now we reboot the system and activate quotas like this :

reboot
quotacheck -cvgua

 

So let's add a quota for our user, robert. Type this into the console :

edquota -u robert

The following will be displayed; you can press i to modify stuff, then once done press ESC then :wq to save it. (see image below)

You can list quotas with the following command :

repquota -st /home

And you will get something like this on your system.

We specify quota in bytes; for this example we only used hard limits, which for an FTP server should be fine. Normally these values would be much bigger for a company FTP server.

 

NOTE : use complex passwords for users (enforce it if need be) and you will be pretty much safe from the bad guys.