Help Center/ Elastic Cloud Server/ Best Practices/ Setting Up an Application/ Setting Up an FTP Site/ Setting Up an FTP Site (CentOS 7.2)
Updated on 2025-08-06 GMT+08:00
View PDF
Share

Setting Up an FTP Site (CentOS 7.2)

Scenarios

This section guides you through the setup of an FTP site on a Linux ECS using vsftpd. vsftpd is an FTP server software that is widely used in Linux releases. The CentOS 7.2 64bit OS is used as an example in this section.

Solution Architecture

Figure 1 Setting up an FTP site (Linux)

Advantages

  • A website with a simple networking architecture can be quickly set up.
  • The website is secure and easy to use.

Resource Planning

Table 1 Resources and costs

Resource

Description

Cost

VPC

VPC CIDR block: 192.168.0.0/16

Free

VPC subnet
  • AZ: AZ1
  • CIDR block: 192.168.0.0/24

Free

Security group
Inbound rule (active mode):
  • Priority: 1
  • Action: Allow
  • Type: IPv4
  • Protocol & Port: TCP: 20-21
  • Source: 0.0.0.0/0
Inbound rule (passive mode):
  • Priority: 1
  • Action: Allow
  • Type: IPv4
  • Protocol & Port: TCP: 21 and ports configured in vsftpdconf
  • Source: 0.0.0.0/0

Free

ECS
  • Billing mode: Yearly/Monthly
  • AZ: AZ1
  • Flavor: s6.large.2
  • Image: CentOS 7.2 64bit
  • System disk: 40 GiB
  • EIP: Auto assign
  • EIP type: Dynamic BGP
  • Billed by: Traffic
  • Bandwidth: 5 Mbit/s

The following resources generate costs:

  • ECSs
  • EVS disks
  • EIPs

For billing details, see Billing Modes.

vsftpd

A free, open-source FTP software.

Free

Process

The process of manually setting up an FTP website on a Linux ECS is as follows:
  1. Install vsftpd.
  2. Configure vsftpd.
  3. Configure a security group.
  4. Verify the configuration on the client.

Procedure

  1. Install vsftpd.

    1. Log in to the ECS.
    2. Run the following command to install vsftpd: 
      yum install -y vsftpd

      If information similar to the following is displayed, vsftpd has been installed.

    3. Run the following command to configure enable FTP to start automatically upon ECS startup: 
      systemctl enable vsftpd.service
    4. Run the following command to start FTP: 
      systemctl start vsftpd.service
    5. Run the following command to obtain the port running FTP: 
      netstat -antup | grep ftp

      Information similar to the following is displayed.

  2. Configure vsftpd.

    After vsftpd is installed, anonymous FTP is enabled by default, allowing you to log in to the FTP server without requiring the login username and password. However, you are not allowed to modify or upload files. If you attempt to log in to the FTP server using the Linux OS account, your request will be rejected by vsftpd, but you are allowed to configure the username and password in vsftpd for logging in to the FTP server. To do so, perform the following operations:

    1. Create a user.

      For example, to create user ftpadmin, run the following command:

      useradd ftpadmin
    2. Run the following command to configure the password of user ftpadmin: 
      passwd ftpadmin
    3. Run the following command to create a file directory for the FTP server, /var/ftp/work01 is used as an example: 
      mkdir /var/ftp/work01
    4. Run the following command to change the owner of the created file directory to the local user for logging in to the FTP server: 
      chown -R ftpadmin:ftpadmin /var/ftp/work01
    5. Modify the vsftpd.conf configuration file.
      1. Run the following command to open the file: 
        vi /etc/vsftpd/vsftpd.conf
      2. Press i to enter insert mode.
      3. Modify the vsftpd.conf file.

        Set FTP to active or passive mode based on site requirements. If other Huawei Cloud ECSs need to use EIPs to access the FTP server that is set up on a Huawei Cloud ECS, set FTP to passive mode.

        • Parameters for configuring the active FTP mode: 
          #No anonymous login to the FTP server is allowed. Local users are allowed to log in to the FTP server with their local file directories specified.
anonymous_enable=NO              #No anonymous login to the FTP server is allowed.
local_enable=YES                 #Local users are allowed to log in to the FTP server.
local_root=/var/ftp/work01       #Specifies the file directory used by a local FTP user.

#The following parameter allows login users to visit their own home directories:
chroot_local_user=YES                      #The directory access rule applies to all users.
chroot_list_enable=YES                     #The directory access rule does not apply to exclusive users.
chroot_list_file=/etc/vsftpd/chroot_list   #Specifies exclusive users.
allow_writeable_chroot=YES
        • The passive FTP mode requires not only all the parameters configured for the active FTP mode, but also include the following parameter settings: 
          #The public IP address of the FTP server and the range of accessible ports must also be configured.
listen=YES                    
listen_ipv6=NO                
pasv_address=xx.xx.xx.xx      #Public IP address of the FTP server
           
pasv_min_port=3000            #Minimum port number in passive FTP mode
pasv_max_port=3100            #Maximum port number in passive FTP mode
      4. Press Esc to exit insert mode. Then, enter :wq to save the settings and exit.
      5. Create the chroot_list file in /etc/vsftpd/. 
        touch chroot_list

        The chroot_list file contains exclusive users to whom the home directory access rules do not apply. To allow a user to access non-home directories, add the username to this file. If there is no exclusive user, the chroot_list file can be left blank, but the file must be available.

    6. Run the following command to restart vsftpd to apply the setting: 
      systemctl restart vsftpd.service

  3. Configure a security group.

    After setting up the FTP site, add an inbound rule to the security group to allow packets to pass through the FTP port. For details, see Adding a Security Group Rule.

    Table 2 Security group rules

    Priority

    Action

    Type

    Protocol & Port

    Source

    1

    Allow

    IPv4

    Protocols/TCP (Custom): 20-21

    0.0.0.0/0

    1

    Allow

    IPv4

    Protocols/TCP (Custom): 1024-65535 (for example, 5000-6000)

    0.0.0.0/0

  4. Verify the configuration on the client.

    On the computer with the client installed, enter ftp://<server-IP-address>:<FTP-port-number> in the address bar. If you do not specify the port number, port 21 is used by default. If a dialog box is displayed for you to enter the username and password, the configuration is correct. After entering the username and password, you can perform operations on the FTP folder with assigned permissions.

    • If active FTP mode is selected, use this method to configure the Internet Explorer browser. Otherwise, the FTP folder will be inaccessible. To configure the Internet Explorer browser, choose Tools > Internet Options > Advanced, select Enable FTP folder view, and deselect Use Passive FTP.
    • If an error occurs when you use a browser to access the FTP server, clear the browser caches and try again.

Parent topic: Setting Up an FTP Site