Configuration of VSFTPD
The vsftpd configuration file is /etc/vsftpd/vsftpd.conf. After making any change to the file, restart the vsftpd service.
Default setting
By default, FTP is set up for anonymous login and permits only downloads, not uploads.
An anonymous user cannot create directories in the default setting.
By default, VSFTPD uses the directory /var/ftp
Default log file location is /var/log/vsftpd.log
Options in vsftpd.conf
To disable anonymous FTP
anonymous_enable=NO
To allow local users to log in
local_enable=YES
To allow any form of FTP write command.
write_enable=YES
To enable the anonymous FTP user to upload files
anon_upload_enable=YES
To allow local users to see only their own directory
chroot_local_user=YES
To log all ftp actions (not just transfers)
log_ftp_protocol=YES
In anonymous FTP, define the directory that visitors will visit.
anon_root=/data/directory
To allow the anonymous user to create directories
anon_mkdir_write_enable=YES
FTP Greeting Banner
Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive is:
ftpd_banner=New Banner Here
You can create warning banners for all FTP users by defining the path to a banner file:
banner_file=/etc/vsftpd/issue
Anonymous Upload directory
If you want remote users to write data to your FTP server, then you should create a write-only directory within /var/ftp/pub. This will allow your users to upload but not access other files uploaded by other users. The commands you need are:
[root@localhost tmp]# mkdir /var/ftp/pub/upload
[root@localhost tmp]# chmod 722 /var/ftp/pub/upload
There are many other options you can add to this file:
Limiting the maximum number of client connections (max_clients)
Limiting the number of connections by source IP address (max_per_ip)
The maximum rate of data transfer per anonymous login (anon_max_rate)
The maximum rate of data transfer per non-anonymous login (local_max_rate)
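An added example (not from the original post): a small Python audit that parses vsftpd.conf text and reports on the directives covered above, including lines vsftpd would reject because of whitespace around "=" or a missing value. The defaults table reflects vsftpd's built-in values, the function names are illustrative, and the sample configuration is constructed.

```python
# Added example, not from the original page: audit vsftpd.conf text.
# DEFAULTS are vsftpd's built-in values when a directive is absent.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "chroot_local_user": "NO", "log_ftp_protocol": "NO",
    "max_clients": "0", "max_per_ip": "0"}

def parse(text):
    """Return (settings, errors); vsftpd rejects spaces around '='."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            errors.append(f"line {n}: no '=value' in {line!r}")
        elif key != key.strip() or value != value.lstrip():
            errors.append(f"line {n}: whitespace around '=' in {line!r}")
        else:
            settings[key] = value.rstrip()
    return settings, errors

def audit(text):
    s, findings = parse(text)  # syntax errors are reported as findings too
    on = lambda k: s[k].upper() == "YES"
    if on("anonymous_enable"):
        findings.append("anonymous login enabled")
        # Anonymous write options only take effect with write_enable=YES.
        for opt in ("anon_upload_enable", "anon_mkdir_write_enable"):
            if on(opt) and on("write_enable"):
                findings.append(f"{opt} is effective for anonymous users")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their home directory")
    if not on("log_ftp_protocol"):
        findings.append("only transfers are logged, not all FTP commands")
    if "ftpd_banner" not in s and "banner_file" not in s:
        findings.append("default greeting banner in use")
    for opt in ("max_clients", "max_per_ip"):
        if s[opt] == "0":
            findings.append(f"{opt} is unlimited")
    return findings

SAMPLE = "\n".join([  # constructed sample, not from a real server
    "anonymous_enable=YES", "write_enable=YES", "anon_upload_enable=YES",
    "anon_mkdir_write_enable", "local_enable=YES",
    "ftpd_banner= New Banner Here", "max_clients=50"])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```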