on the server
install the vsftpd server and then edit the config file
$ sudo yum -y install vsftpd
$ sudo vim /etc/vsftpd/vsftpd.conf
copy this into the config file
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
optional if using passive (PASV)
pasv_enable=YES
pasv_addr_resolve=YES
pasv_address=my_hosts_name_or_ip
pasv_min_port=4242
pasv_max_port=4243
start the ftp server, make it persistent on reboots & set its directory permissions
$ sudo service vsftpd start
$ sudo chkconfig vsftpd on
$ sudo mkdir /home/ftp
$ sudo chown root:root /home/ftp
$ sudo chmod 755 /home/ftp
create a user with its home directory as the ftp directory so that it will be able to access it from a client
$ sudo useradd --home /home/ftp ftpuser
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
$ sudo passwd ftpuser
Changing password for user ftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
log into the server as the ftpuser and you will go to your home directory
user:~/ $ ssh [email protected]
ftpuser:~/ $ pwd
/home/ftp
on the client
i’m using filezilla as an example, but it doesn’t matter which one you want to use.
set transfer setting to “active” in
file > site manager > transfer settings > transfer mode
set your active PORT on your security group or firewall to allow incoming connections on ports 20, 21 (for the ftp connection) & 192 (for active transfer mode)
you should be able to list the directory and be chrooted to it as your root directory. the permissions set on the folder on the server determine whether you can read or write to it.
active vs pasv mode
ACTIVE = server initiated data connection
the client connects from command port N to the server’s command port 21 and tells the server what its data port will be (N+1). the server responds to the command port N from command port 21 with an ACK. the server initiates a data connection from its data port 20, to the data port that the client told it about before (N+1). the client’s data port N+1 responds to the server with an ACK
PASV = client initiated data connection
the client connects from command port N to the server’s command port 21 and tells the server PASV. the server replies with an available port from a range defined in the config file’s directives pasv_min_port and pasv_max_port. this tells the client which port the server is listening to for the data connection. the client initiates the data connection from its data port to the data port the server told it about before. the server sends back an ACK to the client’s data port
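in both modes the data endpoint travels over the command connection as six numbers, h1,h2,h3,h4,p1,p2, where the port is p1*256 + p2 (RFC 959): the client sends them in PORT for active mode, the server sends them in its 227 reply for PASV. the following is an added example, not part of the original post: it decodes those tuples and checks a 227 reply against the pasv_min_port/pasv_max_port range from the config above. the function names, sample replies and addresses are constructed for illustration.

```python
import re

# constructed sample: the passive range from the vsftpd.conf settings above
SAMPLE_CONF = "pasv_enable=YES\npasv_min_port=4242\npasv_max_port=4243\n"

# six decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 PORT argument / 227 reply)
TUPLE_RE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_conf(text):
    """Return key=value directives from vsftpd.conf text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def decode_endpoint(line):
    """Decode the data endpoint from a PORT command or a 227 PASV reply."""
    match = TUPLE_RE.search(line)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        raise ValueError("field above 255 in %r" % line)
    host = ".".join(str(f) for f in fields[:4])
    return host, fields[4] * 256 + fields[5]

def check_pasv_reply(reply, conf, control_host):
    """Compare one 227 reply with the configured range and the control address."""
    host, port = decode_endpoint(reply)
    low, high = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
    findings = []
    if not low <= port <= high:
        findings.append("port %d is outside pasv range %d-%d" % (port, low, high))
    if host != control_host:
        findings.append("reply advertises %s, control connection is to %s"
                        % (host, control_host))
    return findings

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    # constructed replies: one consistent with the config, one not
    for reply in ("227 Entering Passive Mode (203,0,113,10,16,146).",
                  "227 Entering Passive Mode (10,0,0,5,195,80)."):
        print(decode_endpoint(reply), check_pasv_reply(reply, conf, "203.0.113.10"))
    print(decode_endpoint("PORT 192,0,2,7,4,1"))  # active mode: client's data port
```

a reply that advertises a different address than the one the client connected to usually means pasv_address is not set to the address clients reach the server on, and a port outside the range means the firewall rule for pasv_min_port to pasv_max_port will not cover the data connection.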