vsftpd installation on CentOS 7 / RedHat 7 with selinux

vsftpd (Very Secure File Transfer Protocol Daemon) is lightweight, fast and default FTP server daemon for rpm-based Linux distributions (CentOS/RHEL/Fedora).

We will install vsftpd on CentOS7 with selinux enabled in Enforcing mode.

1. Install vsftpd server:

[root@tux ~]# yum install vsftpd

2. Verify, if ftp user account was created (with nologin shell) and set password for ftp user:

[root@tux /]# getent passwd ftp
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[root@tux /]# finger ftp
Login: ftp Name: FTP User
Directory: /var/ftp Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@tux /]# passwd ftp
Changing password for user ftp.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2. Edit file: /etc/vsftpd/vsftpd.conf and modify it to look like below:

# Example config file /etc/vsftpd/vsftpd.conf

3. Set /var/ftp (ftp user home directory) permissions and selinux attributes:

[root@tux ~]# chown -R ftp:ftp /var/ftp
[root@tux ~]# semanage fcontext -a -t public_content_rw_t /var/ftp
[root@tux ~]# restorecon -Rvv /var/ftp
[root@tux ~]# setsebool -P ftp_home_dir 1
[root@tux ~]# setsebool -P ftpd_full_access 1
[root@tux ~]# ls -lZ /var | grep ftp
drwxr-xr-x. ftp ftp system_u:object_r:public_content_rw_t:s0 ftp

4. Enable and start vsftpd service:

[root@tux ~]# systemctl enable vsftpd
[root@tux ~]# systemctl start vsftpd
[root@tux ~]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
Active: active (running) since Sat 2015-05-09 22:35:11 CEST; 11min ago
Main PID: 12285 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─12285 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

May 09 22:35:11 router systemd[1]: Started Vsftpd ftp daemon.

5. Test and troubleshooting.

Now let’s test our FTP server from localhost:

[root@tux /]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.2)
Name (localhost:root): ftp
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

If you still have problems with login, verify sealerts, if selinux isn’t still blocking access. Launch sealert browser and check alerts:

[root@tux /]# sealert -b

During tests you can also set selinux temporarily into Permissive mode to see, if vsftpd is now reachable and eventually exclude selinux issue:

[root@tux /]# setenforce Permissive
[root@tux /]# getenforce

5 thoughts on “vsftpd installation on CentOS 7 / RedHat 7 with selinux

  1. Annoynymous May 3, 2017 at 13:24

    Looking for a solution for vsftpd I finally reached your page with the famous SELinux tool blocking everything for everyone everywhere.. But you saved my day!

  2. artjom July 3, 2018 at 23:09

    Using this article I installed my fist FTP server. Thank you!

  3. Zeake November 1, 2018 at 20:14

    Fantastic! A must for all beginners!

  4. Alberto Velazquez May 18, 2019 at 00:46

    Just Great, thanks for sharing your knowledge!!! Regards from Mexico

Leave a Reply

Name *
Email *

This site uses Akismet to reduce spam. Learn how your comment data is processed.