How to install, configure and manage vsftpd on Linux CentOS

In this tutorial, we will learn how to install, configure and use the vsftpd service on CentOS Linux.

About vsFTPd and more details :

vsftpd, which stands for "Very Secure FTP Daemon", 
is an FTP server for Unix-like systems, including 
Linux. It is licensed under the GNU General Public 
License. It supports IPv6 and SSL.

vsftpd supports explicit (since 2.0.0) and 
implicit (since 2.1.0) FTPS.

vsftpd is the default FTP server in the Ubuntu, 
CentOS, Fedora, NimbleX, Slackware and RHEL 
Linux distributions.

Source: Wikipedia

Additionally, vsftpd is one of the few FTP services that can confine users to a chroot jail.

Topology used in this scenario:

1 Ethernet card (eth0) connected to a router, which :
 -  forward port 21 / TCP to
 -  forward port 2000 to 2050 TCP to
Internet IP :
Internal IP :
Existing Subnet:

User(s) that will be given the right to use FTP:
user1, user2 and user4

Installation :

To install vsftpd on your CentOS server, run the following command as root and accept the prompt to install vsftpd:

yum install vsftpd

Configuration : 

By default, the vsftpd configuration file is not well suited to a “private” FTP server. This is why we will edit this configuration file with a text editor such as `nano` or `vi` :

nano /etc/vsftpd/vsftpd.conf

The file should look like this :

# General Options
ftpd_banner=Private FTP Service

# Connections Options

# Passive transfer options

# User controls

# Security Options

# Misc options

Security Options

By default, this configuration chroots all local users so that they are locked to their home directory. The exception is any user whose name you add to the file /etc/vsftpd/chroot_list, which is not recommended and only suggested if you know what you are doing.

User(s) Control :

Since the configuration states that users must be explicitly allowed to use the FTP service, we need to edit the file /etc/vsftpd/user_list and add user1, user2 and user4 using a text editor such as `nano` or `vi` :

nano /etc/vsftpd/user_list

Then, if there is something in the file, delete everything, and make it look like :


Please take note that all other user(s), regardless of who they are, will not be allowed if they aren’t mentioned in this file.

Service Configuration :

Type the following command to make sure that vsftpd starts at boot time :

chkconfig --level 345 vsftpd on

Firewall Configuration :

Assuming that you correctly forwarded the ports from your router to your CentOS server as required in the Topology, you will probably need to add some iptables firewall rules to allow the connections in and out.

Run the following commands to add the necessary rules :

/sbin/iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m multiport --dports 2000:2050 -j ACCEPT
/sbin/service iptables save
/sbin/service iptables restart
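
Before starting the service, the two files can be checked against the setup this tutorial describes (all local users chrooted, only listed users allowed, passive ports 2000 to 2050). The script below is an added example, not part of the original tutorial; the function names are hypothetical, and mapping the described behaviour to the vsftpd options chroot_local_user, chroot_list_enable, chroot_list_file, userlist_enable, userlist_deny, pasv_min_port and pasv_max_port is an assumption, since the configuration listing is not reproduced above.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf and user_list against this tutorial's setup.
# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf /etc/vsftpd/user_list user1 user2 user4

# Print the value of one option. vsftpd.conf lines are "option=value" with no
# spaces around '='; if an option is repeated, the last line is reported.
conf_get() {  # $1 = config file, $2 = option name
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print the names in a list file on one line, sorted; '#' comments are skipped.
list_entries() {  # $1 = list file
    grep -v -e '^#' -e '^[[:space:]]*$' "$1" | tr -d '\r' | sort -u | tr '\n' ' '
}

audit_vsftpd() {  # $1 = vsftpd.conf, $2 = user_list, remaining args = allowed users
    conf=$1; list=$2; shift 2
    fails=0
    while read -r opt want; do
        got=$(conf_get "$conf" "$opt" | tr 'a-z' 'A-Z')
        if [ "$got" != "$want" ]; then
            echo "FAIL $opt=${got:-<unset>}, expected $want"
            fails=$((fails + 1))
        fi
    done <<EOF
chroot_local_user YES
userlist_enable YES
userlist_deny NO
pasv_min_port 2000
pasv_max_port 2050
EOF
    have=$(list_entries "$list")
    want=$(printf '%s\n' "$@" | sort -u | tr '\n' ' ')
    if [ "$have" != "$want" ]; then
        echo "FAIL user_list allows: $have(expected: $want)"
        fails=$((fails + 1))
    fi
    # Users in chroot_list_file are NOT jailed when chroot_local_user=YES.
    exempt=$(list_entries "$(conf_get "$conf" chroot_list_file)" 2>/dev/null)
    if [ "$(conf_get "$conf" chroot_list_enable | tr 'a-z' 'A-Z')" = YES ] && [ -n "$exempt" ]; then
        echo "FAIL not chrooted: $exempt"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: configuration matches the tutorial"
    return "$fails"
}

if [ "$#" -ge 2 ]; then audit_vsftpd "$@"; fi
```

The return code is the number of failed checks, so 0 means both files match. The comparison expects the YES/NO spelling of boolean values.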

Running the vsftpd Service and trying it :

Type the following command to start the service :

/sbin/service vsftpd start

To stop the vsftpd service, type this :

/sbin/service vsftpd stop

To check that vsftpd is running and listening, type the following command :

telnet localhost 21

This should output something similar to this :

Connected to localhost.localdomain (
Escape character is '^]'.
220 Private FTP Service

Additionally, if tested from outside (the Internet, outside our network), we should have a similar result when trying to telnet into our Internet IP on port 21 :

Connected to server.hostname (
Escape character is '^]'.
220 Private FTP Service

Finally, and importantly, if you use SELinux, run these commands to allow FTP activities on the server :

setsebool -P allow_ftpd_full_access 1
setsebool -P ftp_home_dir 1