Delivery-focussed Elixir, Python, XSL/XQuery, (No)SQL, and Agile consultancy, specialising in content migration, API design, and (micro)services.

LinkedIn Octocat RSS

Setting up vsftpd on CentOS

“vsftpd” stands for “Very Secure File Transfer Protocol Daemon”, and is one of the easier FTP daemons to install. Despite this, I’ve always had to battle with it to get it configured correctly, but I always find it’s usually down to configuring it in a rush or in the “background” while doing other things.


The commands below are being run a priviledged user. Remember to prefix sudo if you’re running the commands as an unpriviledged user.

Also, I use mg as my main text editor, which is an simple emacs clone. Feel free to use nano, vi, or any other program in it’s place.


If it’s not already installed, nstalling vsftpd on CentOS is as simple as:

$ yum install vsftpd

You’ll probably want to set up vsftp so it starts up with all the other services on boot:

$ chkconfig add vsftpd
$ chkconfig vsftp on


Firstly we’ll set up an FTP group:

$ groupadd ftpusers

…and an FTP-specific user:

$ useradd -G ftpusers -d /path/to/your/dir -s /sbin/nologin ftpuser

The /sbin/nologin shell should be listed in /etc/shells by default on CentOS. If not, find the location of your nologin binary and add the path to the end of the file.

Then we’ll add a password for the user:

$ passwd ftpuser

Next we need to make sure that this new user has permission to read and write the directory:

$ chown -R ftpuser /path/to/your/dir
$ chmod 775 path/to/your/dir

Now we can configure the daemon itself. Firstly, stop the daemon if it’s already running:

$ service vsftpd stop

Then we can edit the main config file:

$ mg /etc/vsftpd/vsftpd.conf

…making the following changes:

Disable anonymous login:


Enable local users:


The ftpuser should be able to write data:


Port 20 need to turned off, makes vsftpd run less privileged:


Chroot everyone:


Umask should be already set to 022 in the default config file, which makes sure that all the files and folders that are uploaded receive the proper permissions (644 and 755, respectively).


We also need to add the following lines to add the FTP user we created earlier:

# the list of users to give access
# this list is on
# It is not a list of users to deny ftp access

Then save those changes and exit.

Next we need to create the userlist file we’ve just assigned:

$ /etc/vsftpd/vsftpd.userlist

…and add the user:


Save these changes and exit.

We should be good to go, so let’s start the vsftpd:

$ service vsftpd start

If we’ve been successful, we should be able to access the ftp server. Fire up another terminal instance and try it:

$ ftp ftpuser@yourhost
Connected to yourhost.
220 (vsFTPd 2.2.2)
331 Please specify the password.

Enter your password and you should be in!


If you’re having trouble here are a few things to check:

Firstly, check all the paths you’ve entered. I know it seems silly, but this is usually the cause. Checking the path for the nologin shell, for the userlist, etc.

SELinux always seems to get in the way. A lot of posts will tell you to simply disable it. This advice should be considered harmful. Instead, you can simply enable FTP access in SELinux using the following commands.

$ setsebool -P allow_ftpd_full_access 1
$ setsebool -P ftp_home_dir=1

Further information on SELinux boolean flags can be found on the CentOS website.

Originally posted: Jan 01 2013