Updated on 2024-11-04 GMT+08:00

Setting Up an FTP Site (Linux)

Application Scenarios

The best practices for Huawei Cloud ECS guide you through the setup of an FTP site on a Linux ECS using very secure FTP daemon (vsftpd). vsftpd is an FTP server software that is widely used in Linux releases. The CentOS 7.2 64bit OS is used as an example in this section.

Architecture

Figure 1 Setting up an FTP site (Linux)

Advantages

  • A website with a simple networking architecture can be quickly set up.
  • The website is secure and easy to use.

Resource and Cost Planning

Table 1 Resources and costs

Resource

Description

Cost

VPC

VPC CIDR block: 192.168.0.0/16

Free

Subnet

  • AZ: AZ1
  • CIDR block: 192.168.0.0/24

Free

Security group

Inbound rule (active mode):
  • Priority: Set it to 1.
  • Action: Select Allow.
  • Type: Select IPv4.
  • Protocol & Port: Set it to TCP: 20-21.
  • Source: Set it to 0.0.0.0/0.
Inbound rule (passive mode):
  • Priority: Set it to 1.

  • Action: Select Allow.
  • Type: Select IPv4.
  • Protocol & Port: Set it to TCP: 21 and ports configured in vsftpdconf
  • Source: Set it to 0.0.0.0/0.

Free

ECS

  • Billing mode: Yearly/Monthly
  • AZ: AZ1
  • Flavor: s6.large.2
  • Image: CentOS 7.2 64bit
  • System disk: 40 GiB
  • EIP: Auto assign
  • EIP type: Dynamic BGP
  • Billed by: Traffic
  • Bandwidth: 5 Mbit/s

The following resources generate costs:

  • ECSs
  • EVS disks
  • EIPs

For billing details, see Billing Modes.

vsftpd

A free, open-source FTP software.

Free

Process

The process of manually setting up an FTP website on a Linux ECS is as follows:
  1. Install vsftpd.
  2. Configure vsftpd.
  3. Configure a security group.
  4. Verify the configuration on the client.

Procedure

  1. Install vsftpd.

    1. Log in to the ECS.
    2. The image source has been updated to a Huawei Cloud image source. For details, see How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source (x86_64 and Arm)? This facilitates obtaining and updating the system and software.
    3. Run the following command to install vsftpd:

      yum install -y vsftpd

      If information similar to the following is displayed, vsftpd has been installed.

    4. Run the following command to configure automatic FTP enabling upon ECS startup:

      systemctl enable vsftpd.service

    5. Run the following command to start FTP:

      systemctl start vsftpd.service

    6. Run the following command to obtain the port running FTP:

      netstat -antup | grep ftp

      Information similar to the following is displayed.

  2. Configure vsftpd.

    After vsftpd is installed, anonymous FTP is enabled by default, allowing you to log in to the FTP server without requiring the login username and password. However, you are not allowed to modify or upload files. If you attempt to log in to the FTP server using the Linux OS account, your request will be rejected by vsftpd, but you are allowed to configure the username and password in vsftpd for logging in to the FTP server. To do so, perform the following operations:

    1. Create a user.

      For example, to create user ftpadmin, run the following command:

      useradd ftpadmin

    2. Run the following command to configure the password of user ftpadmin:

      passwd ftpadmin

    3. Run the following command to create a file directory for the FTP server, /var/ftp/work01 is used as an example:

      mkdir /var/ftp/work01

    4. Run the following command to change the owner of the created file directory to the local user for logging in to the FTP server:

      chown -R ftpadmin:ftpadmin /var/ftp/work01

    5. Modify the vsftpd.conf configuration file.
      1. Run the following command to open the file:

        vi /etc/vsftpd/vsftpd.conf

      2. Press i to enter insert mode.
      3. Modify the vsftpd.conf file.

        Set FTP to active or passive mode based on site requirements. If other Huawei Cloud ECSs are required to use public IP addresses to access the FTP site that is set up on a Huawei Cloud ECS, set FTP to passive mode.

        • Parameters to be configured for the active FTP mode:
          #No anonymous login to the FTP server is allowed. Local users are allowed to log in to the FTP server with their local file directories specified.
          anonymous_enable=NO              #No anonymous login to the FTP server is allowed.
          local_enable=YES                 #Local users are allowed to log in to the FTP server.
          local_root=/var/ftp/work01       #Specifies the file directory used by a local FTP user.
          
          #The following parameter allows login users to visit their own home directories:
          chroot_local_user=YES                      #The directory access rule applies to all users.
          chroot_list_enable=YES                     #The directory access rule does not apply to exclusive users.
          chroot_list_file=/etc/vsftpd/chroot_list   #Specifies exclusive users.
          allow_writeable_chroot=YES                 
          
        • Apart from the parameters configured in active FTP mode, the following parameters are also required for passive FTP mode:
          #The public IP address of the FTP server and the range of accessible ports must also be configured.
          listen=YES                    
          listen_ipv6=NO                
          pasv_address=xx.xx.xx.xx      #Public IP address of the FTP server
                     
          pasv_min_port=3000            #Minimum port number in passive FTP mode
          pasv_max_port=3100            #Maximum port number in passive FTP mode
      4. Press Esc to exit insert mode. Then, enter :wq to save the settings and exit.
      5. Create the chroot_list file in /etc/vsftpd/.

        touch chroot_list

        The chroot_list file contains exclusive users to whom the home directory access rules do not apply. To allow a user to access non-home directories, add the username to this file. If there is no exclusive user, the chroot_list file can be left blank, but the file must be available.

    6. Run the following command to restart vsftpd for the configuration to take effect:

      systemctl restart vsftpd.service

  3. Configure a security group.

    After setting up the FTP site, add a rule in the inbound direction of the security group to allow packets to pass through the FTP port. For details, see Adding a Security Group Rule.

    Table 2 Security group rules

    Priority

    Action

    Type

    Protocol & Port

    Source Address

    1

    Allow

    IPv4

    Protocols/TCP (Custom): 20-21

    0.0.0.0/0

    1

    Allow

    IPv4

    Protocols/TCP (Custom): 1024-65535 (for example, 5000-6000)

    0.0.0.0/0

  4. Verify the configuration on the client.

    On the computer with the client installed, enter ftp://IP address of the FTP server:FTP port number in the Internet Explorer address bar. If you do not specify the port number, port 21 is used by default. If a dialog box is displayed for you to enter the username and password, the configuration is correct. After entering the username and password, you can perform operations on the FTP folder with assigned permissions.

    • If active FTP mode is selected, use this method to configure the Internet Explorer browser. Otherwise, the FTP folder will be inaccessible. To configure the Internet Explorer browser, choose Tools > Internet Options > Advanced, select Enable FTP folder view, and deselect Use Passive FTP.
    • If an error occurs when you use a browser to access the FTP server, clear the browser caches and try again.