1

I installed VSFTPD on Centos7 and tried to set up FTP. The vsftpd.conf file information is as follows:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
allow_ftpd_full_access
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
local_root=/home/share
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
pasv_address=ip
pasv_min_port=3000
pasv_max_port=3100
guest_enable=NO

I looked at a lot of posts and most of the answers I got were permissions and SELinux. The dir /home/share 777 permission has been set.

SELinux is enabled.

Would you please help me find out what the problem is? I would be very grateful!!

L Jackie
  • 43
  • 6

1 Answers1

1

I think the problems are that allow_ftpd_full_access is not a vsftpd.conf option, and that the /home/share directory has the wrong owner (see Steps 5 and 6).

Try this out...

NOTE - Tested using two CentOS 7.9 virtual machines, on an Internal network, with IP addresses of 192.168.0.10 (client) and 192.168.0.11 (server), using your vsftpd.conf settings.

  1. On the client, ensure the FTP client is installed: sudo yum install ftp
  2. On the server, ensure the FTP daemon is installed: sudo yum install vsftpd
  3. Temporarily open the firewall for FTP traffic on both machines, so you do not receive a No route to host error:
sudo firewall-cmd --zone=public --add-port=20/tcp
sudo firewall-cmd --zone=public --add-port=21/tcp
  1. On the server, allow FTP daemon traffic through the firewall: sudo firewall-cmd --zone=public --add-service=ftp
  2. On the server, in your vsftpd.conf file, remove allow_ftpd_full_access. Instead, enter sudo setsebool -P allow_ftpd_full_access=1 in the Terminal.
  3. On the server, change the ownership of the /home/share folder from root:root to the FTP server's user name and group. In my case it was ftp_server:ftp_server group:
sudo chown ftp_server:ftp_server /home/share
  1. On the server, start the FTP service: sudo systemctl start vsftpd
  2. On the server, create a test file in the /home/share directory. You can change the ownership of the file, if you like, but I was able to get the file even if it was root:root:
echo "This file is from the FTP server." | sudo tee /home/share/ftp_server_file
  1. On the client, create a test file in the client home directory: echo "This file is from the FTP client." > ~/ftp_client_file
  2. On the client:
    • Open the FTP client
    • Get the server's /home/share directory listing
    • Get the server file
    • Put the client file
[ftp_client@localhost ~]$ ftp 192.168.0.11
Connected to 192.168.0.11 (192.168.0.11).
220 (vsFTPd 3.0.2)
Name (192.168.0.11:ftp_client): ftp_server
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,0,11,12,27).
150 Here comes the directory listing.
-rw-r--r--    1 0        0              34 Jan 16 21:06 ftp_server_file
226 Directory send OK.
ftp> get ftp_server_file
local: ftp_server_file remote: ftp_server_file
227 Entering Passive Mode (192,168,0,11,11,211).
150 Opening BINARY mode data connection for ftp_server_file (34 bytes).
226 Transfer complete.
34 bytes received in 4.5e-05 secs (755.56 Kbytes/sec)
ftp> put ftp_client_file
local: ftp_client_file remote: ftp_client_file
227 Entering Passive Mode (192,168,0,11,11,212).
150 Ok to send data.
226 Transfer complete.
34 bytes sent in 7.7e-05 secs (441.56 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,0,11,11,222).
150 Here comes the directory listing.
-rw-r--r--    1 1000     1000           34 Jan 16 21:18 ftp_client_file
-rw-r--r--    1 0        0              34 Jan 16 21:06 ftp_server_file
226 Directory send OK.
ftp> quit
221 Goodbye.
[ftp_client@localhost ~]$
  1. Verify the files are both on the client and the server:
$ ll ftp*
total 4
-rw-r--r--. 1 ftp_server ftp_server 34 Jan 16 15:04 ftp_client_file
-rw-r--r--. 1 root       root       34 Jan 16 15:03 ftp_server_file

The initial permissions for both files were 644, but I had no problems.

Rob G
  • 673
  • 3
  • 10
  • First of all, thank you very much for your attention. I rebuilt VSFTPD on the other two servers according to the steps you said, and successfully put.I compared it and found out:My FTP root directory is ```/home/share```. I created an ```upload``` directory in this layer and set ```757``` permissions to it, and then work. Thank you very much! – L Jackie Jan 17 '22 at 03:41
  • YW @l-jackie, but please review https://stackoverflow.com/help/someone-answers and https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work – Rob G Jan 21 '22 at 16:36