Install and Configure ProFTPD (FTP Server) on Fedora 23

ProFTPD is an Open Source FTP server in Unix like operating System. ProFTPD stands for “Professional File Transfer Protocol (FTP) daemon” and comes under GPL License. Configuration file of ProFTPD is similar as of ‘Apache HTTPD Server‘ and it can configured as Stand alone server or via Xinetd.

In this article we will Install and Configure ProFTPD on Fedora 23 . Host name & ip address of my machine is :

  • hostname = fedora23.linuxtechi.com
  • ip address = 192.168.1.21

Step:1 Install ProFTPD package using below command.

Use below dnf command to install proftpd and proftpd-utils .

[root@fedora23 ~]# dnf install proftpd proftpd-utils

install-proftpd-uisng-dnf

Step:2 Edit ProFTPD config file.

Configure ProFTPD by making the required changes in config file ‘/etc/proftpd.conf’

Set the below parameters in the config file.

[root@fedora23 ~]# vi /etc/proftpd.conf

ServerName          "fedora23.linuxtechi.com"
ServerIdent          on "FTP Server ready."
ServerAdmin          [email protected]
DefaultServer        on
ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
ExtendedLog          /var/log/proftpd/auth.log AUTH auth
DefaultRoot          ~ !adm
AuthPAMConfig        proftpd
AuthOrder            mod_auth_pam.c* mod_auth_unix.c

config-file-proftpd-fedora23

Change the ServerName and ServerAdmin Email address as per your setup.

Note : All the users will be chroot to their home directory means users can’t access the files outside of their home directory .

Start and Enable the ProFTPD service.

[root@fedora23 ~]# systemctl start proftpd
[root@fedora23 ~]# systemctl enable proftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/proftpd.service to /usr/lib/systemd/system/proftpd.service.
[root@fedora23 ~]#

Now Create Group and Users for ProFTPD and set the required permissions on user’s home directory.

[root@fedora23 ~]# groupadd proftp_grp
[root@fedora23 ~]# mkdir /opt/ftp_dir
[root@fedora23 ~]# useradd -G proftp_grp -s /sbin/nologin -d /opt/ftp_dir pradeep
[root@fedora23 ~]#
[root@fedora23 ~]# chmod 1775 /opt/ftp_dir
[root@fedora23 ~]# chgrp proftp_grp /opt/ftp_dir
[root@fedora23 ~]# ls -ld /opt/ftp_dir/
drwxrwxr-t. 2 root proftp_grp 4096 Jan 24 09:55 /opt/ftp_dir/
[root@fedora23 ~]#

Now assign password to the user.

[root@fedora23 ~]# passwd pradeep

Note: In my case i have created a user ‘pradeep’ whose home directory is “/opt/ftp_dir/” and secondary group is “ proftp_grp”. Now using ftp client pradeep can download and upload files from their home directory.

Step:3 Set SELinux & Firewall Rules.

In case SELinux is enable then set the following selinux rules for FTP.

[root@fedora23 ~]# setsebool -P ftp_home_dir=1
[root@fedora23 ~]# setsebool -P allow_ftpd_full_access=1

Open the FTP port in  Operating System (OS) Firewall

[root@fedora23 ~]# firewall-cmd --permanent --add-port=21/tcp
success
[root@fedora23 ~]# firewall-cmd --reload
success
[root@fedora23 ~]#

Step:4 Enable Encryption between ProFTPD Server and FTP Clients

Connection between ProFTPD server and its client is consider less secure , so to make secure communication between Server and its clients we can use SSL certificates.

To generate SSL certificates we will use openssl command , use below command to install openssl if it is not installed.

[root@fedora23 ~]# dnf install openssl

Now Generate SSL certificates

[root@fedora23 ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/ftpserver.pem -out /etc/pki/tls/certs/ftpserver.pem

It will prompt you to enter the information associated with the certificate and will create a private key ‘/etc/pki/tls/certs/ftpserver.pem’

openssl-private-key-proftpd

Set the permission on Private Key :

[root@fedora23 ~]# chmod 600 /etc/pki/tls/certs/ftpserver.pem
[root@fedora23 ~]#

Add the following lines in ‘/etc/proftpd.conf

[root@fedora23 ~]# vi /etc/proftpd.conf
TLSEngine                  on
TLSRequired                on
TLSProtocol                SSLv23
TLSLog                     /var/log/proftpd/tls.log
TLSRSACertificateFile      /etc/pki/tls/certs/ftpserver.pem
TLSRSACertificateKeyFile   /etc/pki/tls/certs/ftpserver.pem

SSL-certificate-proftpd-config

Restart the ProFTPD service.

[root@fedora23 ~]# systemctl restart proftpd
[root@fedora23 ~]#

Open the ports in the OS firewall for TLS.

[root@fedora23 ~]# firewall-cmd --add-port=1024-65534/tcp
success
[root@fedora23 ~]# firewall-cmd --add-port=1024-65534/tcp --permanent
success
[root@fedora23 ~]# firewall-cmd --reload
success

Step:5 Connect to ProFTPD server using Filezilla.

FileZilla-ubuntu-linux

Click on Connect…

ProFTPD-certificate

Click On ‘OK’ to trust the Certificate.

ProFTPD-successful-login

As we are able to login successfully, now you can download & upload files to your home directory.

Hope you like installation and Configuration steps 🙂

Leave a Comment