How to Set Up a vsftpd Server on Rocky Linux 8
Introduction
File Transfer Protocol (FTP) is one of the oldest and most widely used protocols for transferring files between systems over a network.
In Linux, the most commonly used FTP server is vsftpd (Very Secure FTP Daemon). It is lightweight, stable, and secure, making it a
popular choice for enterprises and administrators.
In this blog, we will learn how to set up vsftpd on Rocky Linux 8, configure it for secure use, and manage access for clients.
What is FTP and vsftpd?
FTP: A standard network protocol used to transfer files between client and server.
vsftpd: Stands for Very Secure FTP Daemon. It is a fast, stable, and secure FTP server implementation for Unix/Linux systems.
Key Features of vsftpd:
– Supports IPv4 and IPv6
– Configurable security (SSL/TLS)
– Virtual users and chroot jailing
– Lightweight and highly performant
Installing vsftpd on Rocky Linux 8
Run the following command:
dnf install vsftpd -y
Understanding Basic vsftpd Service
After installation, you can control the vsftpd service using `systemctl`.
Start the service:
systemctl start vsftpd
Enable service on boot:
systemctl enable vsftpd
Check vsftpd service status:
systemctl status vsftpd
vsftpd Configuration File
The main configuration file is located at:
/etc/vsftpd/vsftpd.conf
Some important options:
– `anonymous_enable=NO` → Disable anonymous login
– `local_enable=YES` → Allow local users to log in
– `write_enable=YES` → Allow FTP commands that change the filesystem (uploads, deletes, renames)
– `chroot_local_user=YES` → Restrict local users to their home directory after login
Edit the file:
vim /etc/vsftpd/vsftpd.conf
Example settings:
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
Save and restart service:
systemctl restart vsftpd
vsftpd Tuning Parameters
Some useful parameters to optimize:
– `idle_session_timeout=600` → Disconnect idle users after 10 minutes
– `data_connection_timeout=120` → Timeout for data connections
– `max_clients=50` → Limit max simultaneous connections
– `max_per_ip=5` → Limit number of connections per IP
Firewall and SELinux Configuration
Allow FTP ports through firewall:
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload
For SELinux, allow FTP home directories:
setsebool -P ftp_home_dir on
If using passive mode, set the passive port range in /etc/vsftpd/vsftpd.conf:
pasv_min_port=40000
pasv_max_port=50000
Then allow the same port range through the firewall:
sudo firewall-cmd --permanent --add-port=40000-50000/tcp
sudo firewall-cmd --reload
Create FTP Users
Create a new user for FTP:
adduser ftpuser
passwd ftpuser
Make sure the user has a home directory and proper permissions.
Access FTP
You can access the FTP server using:
– Command line:
ftp server-ip
– GUI clients:
  – FileZilla
  – WinSCP
  – Cyberduck
Example login with FileZilla:
– Host: `ftp://server-ip`
– Username: `ftpuser`
– Password: (set password)
Enable vsftpd Service on Boot
Make sure it runs after every restart:
systemctl enable vsftpd
Security Best Practices
– Always disable anonymous login.
– Use **SSL/TLS** for encrypted connections.
Install the packages:
dnf install mod_ssl openssl -y
Generate a self-signed certificate (this command writes the private key and the certificate to the same file):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Update /etc/vsftpd/vsftpd.conf:
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
Restart service:
systemctl restart vsftpd
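As an added example (not part of the original guide), the script below audits a vsftpd.conf for the options configured in the sections above. The function names are hypothetical; `force_local_logins_ssl`, `force_local_data_ssl` and `allow_writeable_chroot` are vsftpd options this guide does not mention, and the defaults used are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings this guide relies on.

# Effective value of option $2 in file $1: the last uncommented "key=value"
# line wins; $3 is vsftpd's built-in default, used when the option is absent.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${val:-$3}"
}

# Succeeds when a boolean option is on (YES, TRUE and 1 are treated as on).
is_on() {
    case $(conf_get "$1" "$2" "$3") in YES|TRUE|1) return 0 ;; esac
    return 1
}

finding() { printf 'FINDING: %s\n' "$1"; n=$((n + 1)); }

# Prints one line per finding; the exit status is the number of findings.
audit_vsftpd() {
    f=$1; n=0
    is_on "$f" anonymous_enable YES && finding "anonymous login is enabled"
    if is_on "$f" ssl_enable NO; then
        is_on "$f" force_local_logins_ssl YES || finding "passwords may be sent without TLS"
        is_on "$f" force_local_data_ssl YES || finding "file data may be sent without TLS"
    else
        finding "ssl_enable is off: credentials and data cross the network in cleartext"
    fi
    is_on "$f" chroot_local_user NO || finding "local users are not confined to their home directory"
    is_on "$f" allow_writeable_chroot NO && finding "chroot root may be writable by the user"
    lo=$(conf_get "$f" pasv_min_port 0); hi=$(conf_get "$f" pasv_max_port 0)
    if [ "$lo" -eq 0 ] || [ "$hi" -eq 0 ] || [ "$lo" -gt "$hi" ]; then
        finding "passive range unset or inverted (min=$lo max=$hi): firewall rule cannot be narrow"
    fi
    return "$n"
}

# Constructed sample: the guide's "Example settings" before the TLS and passive steps.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
EOF
audit_vsftpd "$sample" || echo "$? finding(s) in the sample configuration"
rm -f "$sample"
```

Run `audit_vsftpd /etc/vsftpd/vsftpd.conf` after each configuration change; a zero exit status means none of the checks fired.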
Testing FTP Server
From client system:
ftp server-ip
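Or use curl. Once `ssl_enable=YES` is set, vsftpd by default rejects local-user logins that do not use TLS, so `--ssl-reqd` makes curl require TLS and `-k` accepts the self-signed certificate generated above:
curl --ssl-reqd -k ftp://ftpuser:password@server-ip/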
Conclusion
In this blog, we learned how to:
– Install and configure vsftpd in Rocky Linux 8
– Modify vsftpd configuration and tuning parameters
– Secure the FTP server with firewall, SELinux, and SSL/TLS
– Create users and test FTP access
With this setup, you now have a fully functional and secure FTP server for file transfers.
