Install and Configure ProFTPD (FTP Server) on Fedora 23
Abstract: [[email protected] ~]# chgrp proftp_grp /opt/ftp_dirTLSRSACertificateKeyFile /etc/pki/tls/certs/ftpserver.pem Restart the ProFTPD service. [[email p
ProFTPD is an Open Source FTP server in Unix like operating System. ProFTPD stands for 「Professional File Transfer Protocol (FTP) daemon」 and comes under GPL License. Configuration file of ProFTPD is similar as of ‘Apache HTTPD Server‘ and it can configured as Stand alone server or via Xinetd.
In this article we will Install and Configure ProFTPD on Fedora 23 . Host name & ip address of my machine is :
- hostname = fedora23.linuxtechi.com
- ip address = 192.168.1.21
Use below dnf command to install proftpd and proftpd-utils .
[[email protected] ~]# dnf install proftpd proftpd-utils
Step:2 Edit ProFTPD config file.
Configure ProFTPD by making the required changes in config file ‘/etc/proftpd.conf’
Set the below parameters in the config file.
[[email protected] ~]# vi /etc/proftpd.conf ServerName "fedora23.linuxtechi.com" ServerIdent on "FTP Server ready." ServerAdmin [email protected] DefaultServer on ExtendedLog /var/log/proftpd/access.log WRITE,READ default ExtendedLog /var/log/proftpd/auth.log AUTH auth DefaultRoot ~ !adm AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c
Change the ServerName and ServerAdmin Email address as per your setup.
Note : All the users will be chroot to their home directory means users can’t access the files outside of their home directory .
Start and Enable the ProFTPD service.
[[email protected] ~]# systemctl start proftpd [[email protected] ~]# systemctl enable proftpd Created symlink from /etc/systemd/system/multi-user.target.wants/proftpd.service to /usr/lib/systemd/system/proftpd.service. [[email protected] ~]#
Now Create Group and Users for ProFTPD and set the required permissions on user’s home directory.
[[email protected] ~]# groupadd proftp_grp [[email protected] ~]# mkdir /opt/ftp_dir [[email protected] ~]# useradd -G proftp_grp -s /sbin/nologin -d /opt/ftp_dir pradeep [[email protected] ~]# [[email protected] ~]# chmod 1775 /opt/ftp_dir [[email protected] ~]# chgrp proftp_grp /opt/ftp_dir [[email protected] ~]# ls -ld /opt/ftp_dir/ drwxrwxr-t. 2 root proftp_grp 4096 Jan 24 09:55 /opt/ftp_dir/ [[email protected] ~]#
Now assign password to the user.
[[email protected] ~]# passwd pradeep
Note: In my case i have created a user ‘pradeep’ whose home directory is 「/opt/ftp_dir/」 and secondary group is 「 proftp_grp」. Now using ftp client pradeep can download and upload files from their home directory.
Step:3 Set SELinux & Firewall Rules.In case SELinux is enable then set the following selinux rules for FTP.
[[email protected] ~]# setsebool -P ftp_home_dir=1 [[email protected] ~]# setsebool -P allow_ftpd_full_access=1
Open the FTP port in Operating System (OS) Firewall
[[email protected] ~]# firewall-cmd --permanent --add-port=21/tcp success [[email protected] ~]# firewall-cmd --reload success [[email protected] ~]#Step:4 Enable Encryption between ProFTPD Server and FTP Clients
Connection between ProFTPD server and its client is consider less secure , so to make secure communication between Server and its clients we can use SSL certificates.
To generate SSL certificates we will use openssl command , use below command to install openssl if it is not installed.
[[email protected] ~]# dnf install openssl
Now Generate SSL certificates
[[email protected] ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/ftpserver.pem -out /etc/pki/tls/certs/ftpserver.pem
It will prompt you to enter the information associated with the certificate and will create a private key ‘/etc/pki/tls/certs/ftpserver.pem’
Set the permission on Private Key :
[[email protected] ~]# chmod 600 /etc/pki/tls/certs/ftpserver.pem [[email protected] ~]#
Add the following lines in ‘/etc/proftpd.conf‘
[[email protected] ~]# vi /etc/proftpd.conf TLSEngine on TLSRequired on TLSProtocol SSLv23 TLSLog /var/log/proftpd/tls.log TLSRSACertificateFile /etc/pki/tls/certs/ftpserver.pem TLSRSACertificateKeyFile /etc/pki/tls/certs/ftpserver.pem
Restart the ProFTPD service.
[[email protected] ~]# systemctl restart proftpd [[email protected] ~]#
Open the ports in the OS firewall for TLS.
[[email protected] ~]# firewall-cmd --add-port=1024-65534/tcp success [[email protected] ~]# firewall-cmd --add-port=1024-65534/tcp --permanent success [[email protected] ~]# firewall-cmd --reload successStep:5 Connect to ProFTPD server using Filezilla.
Click on Connect…
Click On ‘OK’ to trust the Certificate.
As we are able to login successfully, now you can download & upload files to your home directory.
Hope you like installation and Configuration steps ?