Install and Configure ProFTPD (FTP Server) on Fedora 23

ProFTPD is an Open Source FTP server in Unix like operating System. ProFTPD stands for “Professional File Transfer Protocol (FTP) daemon” and comes under GPL License. Configuration file of ProFTPD is similar as of ‘Apache HTTPD Server‘ and it can configured as Stand alone server or via Xinetd.

In this article we will Install and Configure ProFTPD on Fedora 23 . Host name & ip address of my machine is :

  • hostname = fedora23.linuxtechi.com
  • ip address = 192.168.1.21

Step:1 Install ProFTPD package using below command.

Use below dnf command to install proftpd and proftpd-utils .

[[email protected] ~]# dnf install proftpd proftpd-utils

install-proftpd-uisng-dnf

Step:2 Edit ProFTPD config file.

Configure ProFTPD by making the required changes in config file ‘/etc/proftpd.conf’

Set the below parameters in the config file.

[[email protected] ~]# vi /etc/proftpd.conf

ServerName          "fedora23.linuxtechi.com"
ServerIdent          on "FTP Server ready."
ServerAdmin          [email protected]
DefaultServer        on
ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
ExtendedLog          /var/log/proftpd/auth.log AUTH auth
DefaultRoot          ~ !adm
AuthPAMConfig        proftpd
AuthOrder            mod_auth_pam.c* mod_auth_unix.c

config-file-proftpd-fedora23

Change the ServerName and ServerAdmin Email address as per your setup.

Note : All the users will be chroot to their home directory means users can’t access the files outside of their home directory .

Start and Enable the ProFTPD service.

[[email protected] ~]# systemctl start proftpd
[[email protected] ~]# systemctl enable proftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/proftpd.service to /usr/lib/systemd/system/proftpd.service.
[[email protected] ~]#

Now Create Group and Users for ProFTPD and set the required permissions on user’s home directory.

[[email protected] ~]# groupadd proftp_grp
[[email protected] ~]# mkdir /opt/ftp_dir
[[email protected] ~]# useradd -G proftp_grp -s /sbin/nologin -d /opt/ftp_dir pradeep
[[email protected] ~]#
[[email protected] ~]# chmod 1775 /opt/ftp_dir
[[email protected] ~]# chgrp proftp_grp /opt/ftp_dir
[[email protected] ~]# ls -ld /opt/ftp_dir/
drwxrwxr-t. 2 root proftp_grp 4096 Jan 24 09:55 /opt/ftp_dir/
[[email protected] ~]#

Now assign password to the user.

[[email protected] ~]# passwd pradeep

Note: In my case i have created a user ‘pradeep’ whose home directory is “/opt/ftp_dir/” and secondary group is “ proftp_grp”. Now using ftp client pradeep can download and upload files from their home directory.

Step:3 Set SELinux & Firewall Rules.

In case SELinux is enable then set the following selinux rules for FTP.

[[email protected] ~]# setsebool -P ftp_home_dir=1
[[email protected] ~]# setsebool -P allow_ftpd_full_access=1

Open the FTP port in  Operating System (OS) Firewall

[[email protected] ~]# firewall-cmd --permanent --add-port=21/tcp
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#

Step:4 Enable Encryption between ProFTPD Server and FTP Clients

Connection between ProFTPD server and its client is consider less secure , so to make secure communication between Server and its clients we can use SSL certificates.

To generate SSL certificates we will use openssl command , use below command to install openssl if it is not installed.

[[email protected] ~]# dnf install openssl

Now Generate SSL certificates

[[email protected] ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/ftpserver.pem -out /etc/pki/tls/certs/ftpserver.pem

It will prompt you to enter the information associated with the certificate and will create a private key ‘/etc/pki/tls/certs/ftpserver.pem’

openssl-private-key-proftpd

Set the permission on Private Key :

[[email protected] ~]# chmod 600 /etc/pki/tls/certs/ftpserver.pem
[[email protected] ~]#

Add the following lines in ‘/etc/proftpd.conf

[[email protected] ~]# vi /etc/proftpd.conf
TLSEngine                  on
TLSRequired                on
TLSProtocol                SSLv23
TLSLog                     /var/log/proftpd/tls.log
TLSRSACertificateFile      /etc/pki/tls/certs/ftpserver.pem
TLSRSACertificateKeyFile   /etc/pki/tls/certs/ftpserver.pem

SSL-certificate-proftpd-config

Restart the ProFTPD service.

[[email protected] ~]# systemctl restart proftpd
[[email protected] ~]#

Open the ports in the OS firewall for TLS.

[[email protected] ~]# firewall-cmd --add-port=1024-65534/tcp
success
[[email protected] ~]# firewall-cmd --add-port=1024-65534/tcp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success

Step:5 Connect to ProFTPD server using Filezilla.

FileZilla-ubuntu-linux

Click on Connect…

ProFTPD-certificate

Click On ‘OK’ to trust the Certificate.

ProFTPD-successful-login

As we are able to login successfully, now you can download & upload files to your home directory.

Hope you like installation and Configuration steps 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest