Updated on 2024-05-08 GMT+08:00

Setting Up an FTP Site

Introduction

vsftpd (very secure FTP daemon) is an FTP server for Unix-like systems, including Linux. This tutorial describes how to deploy vsftpd on Huawei Cloud EulerOS 2.0.

To set up an FTP site using a CentOS image, refer to Setting Up an FTP Site (Linux).

Preparations

  • Prepare an ECS and assign a public IP address or EIP to the ECS.
  • Ensure that inbound security group rules allow traffic to flow to the ECS over port 21.

Procedure

  1. Install vsftpd and start it.

    1. Run the following command to install vsftpd:
      dnf install vsftpd
    2. Run the following command to start vsftpd:
      systemctl start vsftpd
    3. Run the following command to check the vsftpd status:
      systemctl status vsftpd

      If active (running) is displayed, vsftpd is started.

    To have vsftpd start automatically at system boot, run the following command:

    systemctl enable vsftpd

  2. Add a user for the FTP service.

    1. Run the following command to create a user for the FTP service:
      adduser ftp
    2. Run the following command to set a password for the created user:
      passwd ftp

  3. Configure vsftpd.

    1. Run the following commands to create directories and files for the FTP service (you can change the directories as required):
      mkdir -p /data/ftp/
      touch /data/ftp/test.txt
    2. Run the following command to set the created user as the owner of the directories:
      chown -R ftp:ftp /data/ftp/
    3. Open the /etc/vsftpd/vsftpd.conf file and set the following parameters:
      # Listen to IPv4 sockets.
      listen=YES
      # Determine whether to configure IPv6 listening. listen and listen_ipv6 are mutually exclusive, so listen_ipv6 is set to NO when listen is YES.
      listen_ipv6=NO
       
      # Add the following parameters to the end of the configuration file:
      # Set the directory where the local user resides after login. The directory must exist: vsftpd silently ignores local_root if it cannot change into it.
      local_root=/data/ftp/hce
      # Restrict all users to the home directory.
      chroot_local_user=YES
      # Enable the passive mode.
      pasv_enable=YES
      pasv_address=<Public IP address of the FTP server>
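      # Determine whether to allow users to access other directories.
      # (vsftpd does not support a comment on the same line as a parameter, so the comment goes on its own line.)
      chroot_list_enable=NO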
      # If chroot_list_enable is set to YES, you need to set chroot_list_file to a file that contains the users who can access other directories.
      # chroot_list_file=/etc/vsftpd/chroot_list 
      # Set the port range that can be used in passive mode. Set a large port range to improve the security of accessing the FTP server. The same range must be allowed by the inbound security group rules.
      # Minimum port in the available port range
      pasv_min_port=<port number>
      # Maximum port in the available port range
      pasv_max_port=<port number>

      Retain the default values for other parameters.

      The /etc/vsftpd/chroot_list file must be created regardless of whether chroot_list_enable is configured.

    4. Run the following command to restart vsftpd:
      systemctl restart vsftpd

  4. Verify vsftpd.

    1. Run the following command to check the port used by vsftpd:
      netstat -natp | grep vsftpd

      By default, port 21 is used.

    2. Configure inbound security group rules to enable port 21 and ports 5000 to 5010.
    3. In the Windows file manager, enter ftp://<Public IP address of the FTP server>:21 to access the FTP service. Enter the password, as shown in the following figure.

      If the following error occurs, add allow_writeable_chroot=YES to the end of the /etc/vsftpd/vsftpd.conf file and restart vsftpd:

      500 OOPS: vsftpd: refusing to run with writable root inside chroot()
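
The parameters from step 3 can be checked before vsftpd is restarted. The following shell function is an added example, not part of the original procedure or of vsftpd itself; the function names, the finding labels and the sample file are constructed for illustration. It reports syntax that vsftpd rejects (a comment on the same line as a parameter, spaces around the equals sign), listen and listen_ipv6 both set to YES, a passive port range that is not pinned, and allow_writeable_chroot=YES.

```shell
#!/bin/sh
# Added example, not Huawei Cloud or vsftpd code; finding labels are made up here.
check_vsftpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { print "SYNTAX line " NR ": not option=value"; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd has no inline comments: trailing text becomes part of the value.
        if (val ~ /[ \t]#/) print "INLINE_COMMENT line " NR ": " key
        # No space is allowed between the option, the equals sign and the value.
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) print "SPACE line " NR ": " key
        conf[key] = val
    }
    END {
        if (conf["listen"] == "YES" && conf["listen_ipv6"] == "YES")
            print "LISTEN_CONFLICT: listen and listen_ipv6 are mutually exclusive"
        if (conf["chroot_local_user"] != "YES")
            print "NO_CHROOT: local users are not confined after login"
        if (conf["allow_writeable_chroot"] == "YES")
            print "WRITABLE_CHROOT: the writable-root safety check is switched off"
        if (conf["pasv_enable"] != "NO") {       # passive mode is on by default
            lo = conf["pasv_min_port"]; hi = conf["pasv_max_port"]
            if (lo !~ /^[1-9][0-9]*$/ || hi !~ /^[1-9][0-9]*$/)
                print "PASV_RANGE: pasv_min_port/pasv_max_port are not both set"
            else if (lo + 0 > hi + 0)
                print "PASV_RANGE: pasv_min_port is greater than pasv_max_port"
        }
    }' "$1"
}

# Constructed sample: this tutorial's parameters with three findings left in.
sample_conf() {
    cat <<'EOF'
# Listen to IPv4 sockets.
listen=YES
listen_ipv6=YES
local_root=/data/ftp
chroot_local_user=YES
chroot_list_enable=NO # inline comment
pasv_enable=YES
pasv_min_port=5000
pasv_max_port=5010
allow_writeable_chroot=YES
EOF
}
if [ "$#" -gt 0 ]; then check_vsftpd_conf "$1"; fi
```

Save the block as a script and pass it the path of the configuration file, for example /etc/vsftpd/vsftpd.conf; no output means none of these conditions were found.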