| |
In this article, we will learn how to use Proftpd set up FTP server running Fedora 22 on a computer or server. ProFTPD is a free and open source under the GPL licensed FTP server software, is the mainstream FTP server on Linux. Its primary design goal is to provide many advanced features as well as to provide users with a wealth of configuration options to easily customize. It has many configuration options in a number of other FTP server software was still not. It was originally developed as wu-ftpd server easier to configure a more secure alternative.
FTP server is a software, users can install an FTP client or from its remote server upload and download files and directories. The following are some of the main functions of ProFTPD server, more detailed information can be accessed http://www.proftpd.org/features.html.
Each directory may contain ".ftpaccess" file is used for access control, similar to Apache's ".htaccess"
Support multiple virtual FTP servers and multi-user login and anonymous FTP services.
As a standalone service or process started by inetd / xinetd start
Its file / directory attributes, owner and permissions are UNIX-based approach.
It can be run independently, protects the system from root access may bring damage.
The modular design it can easily be extended to other modules, such as LDAP servers, SSL / TLS encryption, RADIUS support, and so on.
ProFTPD server also supports IPv6.
Here is how to use ProFTPD running a few simple steps to set up an FTP server on Fedora 22 operating system computer.
1. Install ProFTPD
First, we will Proftpd install software on machines running Fedora 22. Because the yum package manager has been rejected, we will use the latest and best package manager dnf. DNF is easy to use, is the Fedora 22 uses a very user-friendly package manager. We will use it to install proftpd software. This requires a terminal or console run the following command sudo mode.
$ Sudo dnf -y install proftpd proftpd-utils
Configuring ProFTPD
Now, we will modify some of the configuration software. To configure it, we need to edit /etc/proftpd.conf file with a text editor. /etc/proftpd.conf file is the main configuration file ProFTPD software, so any changes will affect this file to an FTP server. Here, we make the initial step in changes.
$ Sudo vi /etc/proftpd.conf
Then, after opening the file with a text editor, we would like to change the next ServerName and ServerAdmin, respectively fill in their own domain name and email address. Here's what we changed.
ServerName "ftp.linoxide.com"
ServerAdmin arun@linoxide.com
After this, we will set the following is added to the configuration file, which would allow the server access and authorization records to the appropriate log file.
ExtendedLog / var / log / proftpd / access.log WRITE, READ default
ExtendedLog / var / log / proftpd / auth.log AUTH auth
3. Add an FTP user
After setting the basic profile, we naturally want to add a particular directory to the root directory of the FTP user. Currently logged-on user can automatically use FTP service can be used to log in to the FTP server. However, in this tutorial, we will create a specified directory on the ftp server-based directory of new users.
Next, we will create a new user name is ftpgroup group.
$ Sudo groupadd ftpgroup
Then, we will catalog / ftp-dir / add a new user's home directory as arunftp and join this group.
$ Sudo useradd -G ftpgroup arunftp -s / sbin / nologin -d / ftp-dir /
After you create a user and user group to join, we will provide users arunftp set a password.
$ Sudo passwd arunftp
Changing password for user arunftp.
New password:
Retypenew password:
passwd: all authentication tokens updated successfully.
Now, we will adopt the following command to set the ftp user's home directory access rights (LCTT Annotation: This is the SELinux settings, if SELinux is not enabled, you can not).
$ Sudo setsebool -P allow_ftpd_full_access = 1
$ Sudo setsebool -P ftp_home_dir = 1
Then, we set allow other users to move or rename the directory and its contents.
$ Sudo chmod -R 1777 / ftp-dir /
4. Open TLS support
FTP encryption currently used is not secure, anyone can read the data transferred via FTP monitor card. Therefore, we will own the server to open the TLS encryption support. In this case, you need to edit the configuration file /etc/proftpd.conf. Prior to this, we first look at the current backup configuration file, you can ensure that the problem can be restored after the change.
$ Sudo cp /etc/proftpd.conf /etc/proftpd.conf.bak
Then, we can use your favorite text editor to modify the configuration file.
$ Sudo vi /etc/proftpd.conf
Then, the following lines attached to the back of our increased content in step 2.
TLSEngine on
TLSRequired on
TLSProtocolSSLv23
TLSLog / var / log / proftpd / tls.log
TLSRSACertificateFile / etc / pki / tls / certs / proftpd.pem
TLSRSACertificateKeyFile / etc / pki / tls / certs / proftpd.pem
After completion of the above settings, you save and exit.
Then, we need to generate an SSL certificate proftpd.pem and put / etc / pki / tls / certs / directory. In this case, you first need to install openssl on Fedora 22.
$ Sudo dnf install openssl
You can then generate an SSL certificate by executing the following command.
$ Sudo openssl req -x509 -nodes -newkey rsa: 2048-keyout /etc/pki/tls/certs/proftpd.pem -out / etc / pki / tls / certs / proftpd.pem
You'll be asked to write the number of credentials in the basic information. After filling out the information, it will generate a 2048 bits RSA private key.
Generating a 2048 bit RSA private key
................... +++
................... +++
writing newprivate key to '/etc/pki/tls/certs/proftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a DistinguishedNameor a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', The field will be left blank.
-----
CountryName (2 letter code) [XX]: NP
StateorProvinceName (full name) []: Narayani
LocalityName (eg, city) [DefaultCity]: Bharatpur
OrganizationName (eg, company) [DefaultCompanyLtd]: Linoxide
OrganizationalUnitName (eg, section) []: LinuxFreedom
CommonName (eg, your name or your server's hostname) []: ftp.linoxide.com
Email Address []: arun@linoxide.com
After that, we have to change the permissions of the file to generate vouchers for added security.
$ Sudo chmod 600 / etc / pki / tls / certs / proftpd.pem
5. Allow FTP via Firewall
Now, the need to allow ftp port, usually the default firewall blocked. That is, the need to allow ftp access port through the firewall.
If you open the TLS / SSL encryption, execute the following command.
$ Sudo firewall-cmd --add-port = 1024-65534 / tcp
$ Sudo firewall-cmd --add-port = 1024-65534 / tcp --permanent
If you do not open the TLS / SSL encryption, execute the following command.
$ Sudo firewall-cmd --permanent --zone = public - add-service = ftp
success
Then, reload the firewall settings.
$ Sudo firewall-cmd --reload
success
6. Start and activate ProFTPD
After all the settings, and the last is to start ProFTPD try. You can run the following command to start proftpd ftp daemon.
$ Sudo systemctl start proftpd.service
Then, we can set the boot.
$ Sudo systemctl enable proftpd.service
Created symlink from / etc / systemd / system / multi-user.target.wants / proftpd.service to /usr/lib/systemd/system/proftpd.service.
7. Log on to the FTP server
Now, if this is in accordance with the set a good tutorial, we will be able to connect to the ftp server and use the information above to set up login. Here, we look at the configuration of the FTP client filezilla, IP or server name is used as the host name *, * FTP protocol selection, the user name filled arunftp, password is set in step 3 above password. If you follow the step 4 to open the way TLS support, you also need to select the type of encryption required explicit TLS-based FTP, if not open, do not want to use TLS encryption, encryption type selection simple FTP.
Do these settings, open the File menu, click Site Manager, and then click New Site, then the above manner.
The system then will be asked to allow the SSL certificate, click OK. After that, you can upload and download files and folders from our FTP server.
to sum up
Finally, we have successfully installed and configured Proftpd FTP server on Fedora 22 machine. Proftpd is a super powerful, highly customizable and can be extended FTP daemon software. The above tutorial shows you how to configure a TLS encrypted using secure FTP server. It is strongly recommended to set FTP server supports TLS encryption, because it allows the use of SSL encrypted data transmission and login credentials. In this paper, we do not have to configure anonymous FTP access, because generally protected FTP system is not recommended. FTP access allows people to upload and download very simple and more efficient. We can also change the user interface for added security. Well, if you have any questions, suggestions, feedback, please leave a message in the comments section below, so that we can improve and update the content of the article. |
|
|
|