vsftpd installation on CentOS 7 / RedHat 7 with selinux

vsftpd (Very Secure File Transfer Protocol Daemon) is lightweight, fast and default FTP server daemon for rpm-based Linux distributions (CentOS/RHEL/Fedora).

We will install vsftpd on CentOS7 with selinux enabled in Enforcing mode.

1. Install vsftpd server:

[root@tux ~]# yum install vsftpd

2. Verify, if ftp user account was created (with nologin shell) and set password for ftp user:

[root@tux /]# getent passwd ftp
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[root@tux /]# finger ftp
Login: ftp Name: FTP User
Directory: /var/ftp Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@tux /]# passwd ftp
Changing password for user ftp.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2. Edit file: /etc/vsftpd/vsftpd.conf and modify it to look like below:

# Example config file /etc/vsftpd/vsftpd.conf

3. Set /var/ftp (ftp user home directory) permissions and selinux attributes:

[root@tux ~]# chown -R ftp:ftp /var/ftp
[root@tux ~]# semanage fcontext -a -t public_content_rw_t /var/ftp
[root@tux ~]# restorecon -Rvv /var/ftp
[root@tux ~]# setsebool -P ftp_home_dir 1
[root@tux ~]# setsebool -P ftpd_full_access 1
[root@tux ~]# ls -lZ /var | grep ftp
drwxr-xr-x. ftp ftp system_u:object_r:public_content_rw_t:s0 ftp

4. Enable and start vsftpd service:

[root@tux ~]# systemctl enable vsftpd
[root@tux ~]# systemctl start vsftpd
[root@tux ~]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
Active: active (running) since Sat 2015-05-09 22:35:11 CEST; 11min ago
Main PID: 12285 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─12285 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

May 09 22:35:11 router systemd[1]: Started Vsftpd ftp daemon.

5. Test and troubleshooting.

Now let’s test our FTP server from localhost:

[root@tux /]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.2)
Name (localhost:root): ftp
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

If you still have problems with login, verify sealerts, if selinux isn’t still blocking access. Launch sealert browser and check alerts:

[root@tux /]# sealert -b

During tests you can also set selinux temporarily into Permissive mode to see, if vsftpd is now reachable and eventually exclude selinux issue:

[root@tux /]# setenforce Permissive
[root@tux /]# getenforce

Share on: Share on FacebookShare on Google+Tweet about this on TwitterShare on StumbleUponShare on LinkedInPin on PinterestBuffer this pageShare on TumblrDigg thisFlattr the authorShare on RedditShare on VKShare on Yummly
Liked it? Take a second to support tuxfixer.com on Patreon!
Hadoop Developer Training

2 thoughts on “vsftpd installation on CentOS 7 / RedHat 7 with selinux

  1. Annoynymous May 3, 2017 at 13:24

    Looking for a solution for vsftpd I finally reached your page with the famous SELinux tool blocking everything for everyone everywhere.. But you saved my day!

Leave a Reply

Name *
Email *