NFS (Network File System) is a popular protocol for sharing files and directories across a network. In this blog post, I test setting up an NFS server on Fedora 36.
- To start, you will need to install the NFS server package on your Fedora 36 system. You can do this by running the following command:
sudo dnf install vsftpd
Configure FTP (vsftpd)
Fedora 36
- To secure our FTP server, we need to add the privileges different users have over the server. For example, we will assign the following configurations for the following users in this post:
Local user: Has permission to upload files to the FTP server.Anonymous user: He can only read the files but cannot upload files to the FTP server.
Open the /etc/vsftpd/vsftpd.conf file using the command below to edit the configurations using the vim editor.
[finuks@fedora ~]$ sudo vim /etc/vsftpd/vsftpd.conf
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Activate logging of uploads/downloads.
xferlog_enable=YES
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
# This option is used by the PAM (Pluggable Authentication Modules) system
# to determine the name of the service that is being used for authentication.
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/vsftpd.userlist
local_root=/run/media
allow_writeable_chroot=YES
Finally, we’ll create and add our user to the file. We’ll use the -a flag to append to file:
echo "finuks" | sudo tee -a /etc/vsftpd/vsftpd.userlist
Double-check that it was added as you expected:
cat /etc/vsftpd/vsftpd.userlist
Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpd
We need to allow the FTP port on the firewall to enable transferring files between our PC and another PC on the network. Execute the commands below.
sudo firewall-cmd --list-all --zone=FedoraWorkstation
sudo firewall-cmd --get-services
sudo firewall-cmd --add-service=ftp --zone=FedoraWorkstation --permanent
sudo firewall-cmd --reload
- Testing FTP Access
We’ve configured the server to allow only the user finuks to connect via FTP. Let’s make sure that’s the case.
Anonymous users should fail to connect: We disabled anonymous access. Here we’ll test that by trying to connect anonymously. If we’ve done it properly, anonymous users should be denied permission. finuks should be able to connect, as well as read and write files: Here, we’ll make sure that our designated user _can_connect:
$ ftp -p 192.168.52.110
Connected to 192.168.52.110 (192.168.52.110).
220 (vsFTPd 3.0.5)
Name (192.168.52.110:root): finuks
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit