Linux Tutorial: Create vsftpd FTP accounts Red Hat – Design1online.com, LLC

You’ll need to be logged in as an admin user; otherwise, you’ll need to use su or sudo in front of these commands.

Setting up the account

  1. Modify shell file:
    • vi /etc/shells
  2. Press letter i to go into insert mode
  3. Add /dev/null to the end of the list. It looks something like this now:
    • /bin/bash
    • /bin/sh
    • /bin/ash
    • /bin/bsh
    • /bin/zcsh
    • /dev/null
  4. Hit the escape key to exit insert mode. Save your changes:
    • :wq
  5. Now we’ll create the user’s account. Replace [username] with the name of the account you’re creating. Replace [home_dir] with the home directory you want them to be able to FTP into:
    • useradd -d [home_dir] -s /dev/null [username] > /dev/null 2>&1
  6. Next we’ll change the user’s password. Follow the prompt messages that come up:
    • passwd [username]
  7. Now we have to modify /etc/passwd to give them the correct “fake” shell we created:
    • vi /etc/passwd
  8. Hit i to go into insert mode and find the line at the bottom with the username you created. Don’t change the [groupid] numbers that appear in the beginning. Change it to:
    • [username]:x:[groupid]:[groupid]::[home_dir]:/dev/null
  9. Hit escape to exit insert mode and save your changes:
    • :wq
  10. Now we need to update the permissions on their [home_dir] folder so that the username with the same group owns the files and folders:
    • chown -R [username]:[username] [home_dir]

Setting up vsftpd

  1. Start by editing the vsftpd.conf file:
    • vi /etc/vsftpd/vsftpd.conf
  2. Press i to go into insert mode.
  3. Uncomment anonymous_enable and set it to NO (vsftpd does not accept spaces around the = sign):
    • anonymous_enable=NO
  4. Uncomment (or add if it’s not there) userlist_enable and set it to YES:
    • userlist_enable=YES
  5. Press escape to exit insert mode and save your changes:
    • :wq
  6. Now we’ll add the user we created to the userlist:
    • vi /etc/vsftpd/user_list
  7. Press i to go into insert mode
  8. Add [username] to the bottom of the list
  9. Hit escape to exit insert mode and save your changes:
    • :wq
  10. Start the vsftpd service:
    • service vsftpd start
  11. Test your FTP account. Replace [ip_address] with the IP address of your machine. Enter the username and password when prompted. Voila, you’ve connected to FTP using that new user:
    • ftp [ip_address]
    • [username]
    • [password]
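
The settings from the steps above can be checked before the service is started. The following is an added example, not code from the original post: it flags whitespace around `=` in vsftpd.conf text and evaluates the userlist stage using vsftpd's documented defaults (userlist_enable=NO, userlist_deny=YES). The sample config text, the list contents and the names ftpuser1 and ftpuser2 are constructed for illustration.

```python
import re

# vsftpd's documented built-in defaults for the two userlist switches.
DEFAULTS = {"userlist_enable": "NO", "userlist_deny": "YES"}

def _on(value):
    """vsftpd accepts YES, TRUE or 1 (case-insensitive) as a true boolean."""
    return value.upper() in ("YES", "TRUE", "1")

def parse_conf(text):
    """Parse vsftpd.conf text; return (settings, errors)."""
    settings, errors = dict(DEFAULTS), []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        if "=" not in line:
            errors.append((num, "not in option=value form"))
            continue
        if re.search(r"\s=|=\s", line):
            # vsftpd treats a space between option, '=' and value as an error
            errors.append((num, "whitespace around '='"))
        option, value = line.split("=", 1)
        settings[option.strip()] = value.strip()
    return settings, errors

def load_userlist(text):
    """One name per line; blank lines and '#' comment lines are skipped."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")}

def userlist_verdict(settings, listed_users, user):
    """Return 'allow', 'deny' or 'not checked' for the userlist stage only."""
    if not _on(settings["userlist_enable"]):
        return "not checked"
    listed = user in listed_users
    if _on(settings["userlist_deny"]):
        return "deny" if listed else "allow"   # default: file is a deny list
    return "allow" if listed else "deny"       # userlist_deny=NO: file is an allow list

# Constructed sample input (not from a real server); the user names are made up.
CONF_SPACED = "anonymous_enable = NO\nuserlist_enable = YES\n"
CONF_DENY_DEFAULT = "anonymous_enable=NO\nuserlist_enable=YES\n"
CONF_ALLOW_LIST = CONF_DENY_DEFAULT + "userlist_deny=NO\n"
USERLIST = "# constructed list\nftpuser1\n"

if __name__ == "__main__":
    users = load_userlist(USERLIST)
    for name, conf in (("spaced", CONF_SPACED), ("deny-default", CONF_DENY_DEFAULT), ("allow-list", CONF_ALLOW_LIST)):
        settings, errors = parse_conf(conf)
        print(name, errors, userlist_verdict(settings, users, "ftpuser1"))
```

An "allow" verdict here only means the name passes the userlist stage; password authentication still follows.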

Troubleshooting

530 Cannot Change Directory – double check that the [home_dir] has the proper permissions set up. The directory should probably be chmod 0700 or 0755.

500 Permission Denied – Your username isn’t being recognized as being allowed FTP access by SELinux or isn’t on the userlist for vsftpd. Follow the steps above to add them to the userlist and modify your .conf file. Restart the service:

  • service vsftpd restart

If that still doesn’t work, try this so SELinux will allow FTP to change to the user’s home directory:

  • setsebool -P ftp_home_dir=1


2 Responses

  1. crazywizard says:

    This is a warning to anybody intending to use this method. Since there’s a lot of play going on with accounts, please be careful and make sure you understand exactly what you’re doing. I have accidentally locked myself out of my server and can’t even log in as root!

  2. fr0zenpizza says:

    Watch out! Using a space inside the vsftpd.conf will prevent vsftpd from starting and will therefore result in an “ECONNREFUSED – Connection refused by server” error. At least that’s what happened on my machine.

    So don’t try adding
    userlist_enable = YES
    but use
    userlist_enable=YES
    instead.

    I would also like to use this moment to recommend using the following settings instead:
    userlist_deny=NO
    userlist_enable=YES
    userlist_file=/etc/vsftpd.allowed_users

    This way you can add allowed users to the /etc/vsftpd.allowed_users file. When login is denied, the denial is issued before the user is asked for a password (little bit of extra security).
