<p>Jaminto did a great job of answering the question, but I recently went through the process myself and wanted to expand on Jaminto's answer.</p>
<p>I'm assuming that you already have an EC2 instance created and have associated an Elastic IP Address to it.</p>
<h2>Step #1: Install vsftpd</h2>
<p>SSH to your EC2 server. Type:</p>
<pre><code>&gt; sudo yum install vsftpd
</code></pre>
<p>This should install vsftpd.</p>
<h2>Step #2: Open up the FTP ports on your EC2 instance</h2>
<p>Next, you'll need to open up the FTP ports on your EC2 server. Log in to the AWS EC2 Management Console and select Security Groups from the navigation tree on the left. Select the security group assigned to your EC2 instance. Then select the Inbound tab, then click Edit:</p>
<p><img src="https://i.stack.imgur.com/GVDMP.png" alt="enter image description here"></p>
<p>Add two Custom TCP Rules with port ranges 20-21 and 1024-1048. For Source, you can select 'Anywhere'. If you decide to set Source to your own IP address, be aware that your IP address might change if it is being assigned via DHCP.</p>
<p><img src="https://i.stack.imgur.com/QuXjr.jpg" alt="enter image description here"></p>
<h2>Step #3: Make updates to the vsftpd.conf file</h2>
<p>Edit your vsftpd conf file by typing:</p>
<pre><code>&gt; sudo vi /etc/vsftpd/vsftpd.conf
</code></pre>
<p>Disable anonymous FTP by changing this line:</p>
<pre><code>anonymous_enable=YES
</code></pre>
<p>to</p>
<pre><code>anonymous_enable=NO
</code></pre>
<p>Then add the following lines to the bottom of the vsftpd.conf file:</p>
<pre><code>pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=&lt;Public IP of your instance&gt;
</code></pre>
<p>Your vsftpd.conf file should look something like the following - except make sure to replace the pasv_address with your public facing IP address:</p>
<p><img src="https://i.stack.imgur.com/MqGmg.jpg" alt="enter image description here"></p>
<p>To save
changes, press escape, then type <code>:wq</code>, then hit enter.</p>
<h2>Step #4: Restart vsftpd</h2>
<p>Restart vsftpd by typing:</p>
<pre><code>&gt; sudo /etc/init.d/vsftpd restart
</code></pre>
<p>You should see a message that looks like:</p>
<p><img src="https://i.stack.imgur.com/oGWgL.jpg" alt="enter image description here"></p>
<p>If this doesn't work, try:</p>
<pre><code>&gt; sudo /sbin/service vsftpd restart
</code></pre>
<h2>Step #5: Create an FTP user</h2>
<p>If you take a peek at /etc/vsftpd/user_list, you'll see the following:</p>
<pre><code># vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
</code></pre>
<p>This is basically saying, "Don't allow these users FTP access." vsftpd will allow FTP access to any user not on this list.</p>
<p>So, in order to create a new FTP account, you may need to create a new user on your server. (Or, if you already have a user account that's not listed in /etc/vsftpd/user_list, you can skip to the next step.)</p>
<p>Creating a new user on an EC2 instance is pretty simple. For example, to create the user 'bret', type:</p>
<pre><code>&gt; sudo adduser bret
&gt; sudo passwd bret
</code></pre>
<p>Here's what it will look like:</p>
<p><img src="https://i.stack.imgur.com/A7Dad.jpg" alt="enter image description here"></p>
<h2>Step #6: Restricting users to their home directories</h2>
<p>At this point, your FTP users are not restricted to their home directories. That's not very secure, but we can fix it pretty easily.
</p>
<p>Edit your vsftpd conf file again by typing:</p>
<pre><code>&gt; sudo vi /etc/vsftpd/vsftpd.conf
</code></pre>
<p>Un-comment out the line:</p>
<pre><code>chroot_local_user=YES
</code></pre>
<p>It should look like this once you're done:</p>
<p><img src="https://i.stack.imgur.com/5atwI.jpg" alt="enter image description here"></p>
<p>Restart the vsftpd server again like so:</p>
<pre><code>&gt; sudo /etc/init.d/vsftpd restart
</code></pre>
<p>All done!</p>
<h2>Appendix A: Surviving a reboot</h2>
<p>vsftpd doesn't automatically start when your server boots. If you're like me, that means that after rebooting your EC2 instance, you'll feel a moment of terror when FTP seems to be broken - but in reality, it's just not running! Here's a handy way to fix that:</p>
<pre><code>&gt; sudo chkconfig --level 345 vsftpd on
</code></pre>
<p>Alternatively, if you are using Red Hat, another way to manage your services is by using this nifty graphic user interface to control which services should automatically start:</p>
<pre><code>&gt; sudo ntsysv
</code></pre>
<p><img src="https://i.stack.imgur.com/DWa49.jpg" alt="enter image description here"></p>
<p>Now vsftpd will automatically start up when your server boots up.</p>
<h2>Appendix B: Changing a user's FTP home directory</h2>
<p><strong>* NOTE: Iman Sedighi has posted a more elegant solution for restricting users' access to a specific directory. Please refer to his excellent solution posted as an answer *</strong></p>
<p>You might want to create a user and restrict their FTP access to a specific folder, such as /var/www. In order to do this, you'll need to change the user's default home directory:</p>
<pre><code>&gt; sudo usermod -d /var/www/ username
</code></pre>
<p>In this specific example, it's typical to give the user permissions to the 'www' group, which is often associated with the /var/www folder:</p>
<pre><code>&gt; sudo usermod -a -G www username
</code></pre>
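<p>As an added example (not part of the original answer): a shell check of vsftpd.conf against the settings from Steps 3 and 6, taking the passive port range opened in the security group as arguments. The function names, the sample file and the address 203.0.113.10 are constructed for illustration, and the check assumes a later line in the file overrides an earlier one.</p>

```shell
#!/bin/sh
# Added example (not from the original answer): audit vsftpd.conf against Steps 3 and 6.
# Effective value of a key. vsftpd allows no spaces around '='; a later
# line is assumed to override an earlier one, so take the last match.
conf_get() {  # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# Print one finding per line, return 1 if any. $1 = file, $2-$3 = security group port range
audit_vsftpd_conf() {
    conf=$1; sg_min=$2; sg_max=$3; rc=0
    anon=$(conf_get "$conf" anonymous_enable)
    chroot=$(conf_get "$conf" chroot_local_user)
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    addr=$(conf_get "$conf" pasv_address)
    # Defaults from the vsftpd.conf man page: anonymous_enable=YES, chroot_local_user=NO.
    if [ "${anon:-YES}" != "NO" ]; then
        echo "anonymous_enable: anonymous logins are not disabled"; rc=1
    fi
    if [ "${chroot:-NO}" != "YES" ]; then
        echo "chroot_local_user: local users are not confined to their home directory"; rc=1
    fi
    # Unset or 0 means "any port", which the security group rule will not match.
    case "${min:-0}${max:-0}" in
        *[!0-9]*) echo "pasv ports: non-numeric value"; rc=1 ;;
        *)  if [ "${min:-0}" -lt "$sg_min" ] || [ "${max:-0}" -gt "$sg_max" ] ||
               [ "${max:-0}" -eq 0 ] || [ "${min:-0}" -gt "${max:-0}" ]; then
                echo "pasv ports: ${min:-0}-${max:-0} is not inside $sg_min-$sg_max"; rc=1
            fi ;;
    esac
    case "$addr" in
        ''|*'<'*) echo "pasv_address: unset or still the placeholder"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: Step 3 applied, Step 6 not yet done.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
#chroot_local_user=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=203.0.113.10
EOF
audit_vsftpd_conf "$sample" 1024 1048 || echo "fix the findings above, then restart vsftpd"
rm -f "$sample"
```

<p>On the server, the call would be <code>audit_vsftpd_conf /etc/vsftpd/vsftpd.conf 1024 1048</code>, with the two numbers matching the Custom TCP Rule from Step 2.</p>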
 
