vsftpd installation on CentOS 7 / RedHat 7 with selinux

vsftpd (Very Secure File Transfer Protocol Daemon) is a lightweight, fast FTP server daemon and the default one for rpm-based Linux distributions (CentOS/RHEL/Fedora).

We will install vsftpd on CentOS 7 with SELinux enabled in Enforcing mode.

1. Install vsftpd server:

[root@tux ~]# yum install vsftpd

2. Verify that the ftp user account was created (with a nologin shell) and set a password for the ftp user:

[root@tux /]# getent passwd ftp
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
[root@tux /]# finger ftp
Login: ftp Name: FTP User
Directory: /var/ftp Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@tux /]# passwd ftp
Changing password for user ftp.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2. Edit the file /etc/vsftpd/vsftpd.conf so that it looks like this:

# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

3. Set the permissions and SELinux attributes of /var/ftp (the ftp user's home directory):

[root@tux ~]# chown -R ftp:ftp /var/ftp
[root@tux ~]# semanage fcontext -a -t public_content_rw_t /var/ftp
[root@tux ~]# restorecon -Rvv /var/ftp
[root@tux ~]# setsebool -P ftp_home_dir 1
[root@tux ~]# setsebool -P ftpd_full_access 1
[root@tux ~]# ls -lZ /var | grep ftp
drwxr-xr-x. ftp ftp system_u:object_r:public_content_rw_t:s0 ftp

4. Enable and start the vsftpd service:

[root@tux ~]# systemctl enable vsftpd
[root@tux ~]# systemctl start vsftpd
[root@tux ~]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
Active: active (running) since Sat 2015-05-09 22:35:11 CEST; 11min ago
Main PID: 12285 (vsftpd)
CGroup: /system.slice/vsftpd.service
└─12285 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

May 09 22:35:11 router systemd[1]: Started Vsftpd ftp daemon.
...

5. Testing and troubleshooting.

Now let’s test our FTP server from localhost:

[root@tux /]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.2)
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

If you still have problems logging in, check whether SELinux is blocking access. Launch the sealert browser and check the alerts:

[root@tux /]# sealert -b

During testing you can also temporarily set SELinux to Permissive mode to see whether vsftpd becomes reachable, and so confirm or rule out SELinux as the cause:

[root@tux /]# setenforce Permissive
[root@tux /]# getenforce
Permissive
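
As an added example (not part of the original article), the shell function below summarises the AVC denials recorded for the vsftpd domain, which shows what SELinux is blocking while the system stays in Enforcing mode. The function names are hypothetical, the log records are constructed, and it assumes vsftpd runs in the ftpd_t domain of the targeted policy.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials raised by the vsftpd domain.
# Assumption: ftpd_t is the domain type the targeted policy assigns to vsftpd.

# Reads audit.log-format lines on stdin; prints one line per distinct denial:
#   <count> <permissions> <object class> <target type>
summarize_ftpd_denials() {
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:ftpd_t:/ {
        perms = ""; tclass = ""; ttype = ""
        # Denied permissions sit between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/) tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) {
                # A context is user:role:type:level, so the type is part 3.
                split(substr($i, 10), ctx, ":")
                ttype = ctx[3]
            }
        }
        count[perms " " tclass " " ttype]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample records (not from a real host): two write denials on a
# directory labelled public_content_t, one read on a home file, and two
# records the summary must ignore (another domain, a non-AVC record).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1431203711.101:501): avc:  denied  { write } for  pid=12290 comm="vsftpd" name="ftp" dev="dm-0" ino=1001 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:public_content_t:s0 tclass=dir
type=AVC msg=audit(1431203745.220:507): avc:  denied  { write } for  pid=12301 comm="vsftpd" name="ftp" dev="dm-0" ino=1001 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:public_content_t:s0 tclass=dir
type=AVC msg=audit(1431203790.018:512): avc:  denied  { read open } for  pid=12310 comm="vsftpd" path="/home/alice/notes.txt" dev="dm-0" ino=2002 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1431203801.400:515): avc:  denied  { name_bind } for  pid=900 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=USER_AUTH msg=audit(1431203711.090:500): pid=12290 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="ftp" exe="/usr/sbin/vsftpd" hostname=localhost addr=::1 terminal=ftp res=success'
EOF
}

sample_audit_log | summarize_ftpd_denials
```

On a live host, pipe /var/log/audit/audit.log or the output of `ausearch -m avc` into the function instead of the sample records.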


2 thoughts on “vsftpd installation on CentOS 7 / RedHat 7 with selinux”

  1. Annoynymous May 3, 2017 at 13:24

    Looking for a solution for vsftpd I finally reached your page with the famous SELinux tool blocking everything for everyone everywhere.. But you saved my day!
