Step 1 — Installing vsftpd
Start by updating our package list and installing the vsftpd daemon:
sudo apt-get update
sudo apt-get install vsftpd
Copy the configuration file so you can start from a blank configuration, keeping the original as a backup:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Step 2 — Opening the Firewall
Check the firewall status to see if it’s enabled. If so, we’ll ensure that FTP traffic is permitted
so you won’t run into firewall rules blocking you when it comes time to test.
sudo ufw status
In this case, only SSH is allowed through:
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
You may have other rules in place or no firewall rules at all. Since only ssh traffic is permitted
in this case, we’ll need to add rules for FTP traffic.
We'll need to open ports 20 and 21 for FTP, port 990 for later when we enable TLS, and ports
40000-50000 for the range of passive ports we plan to set in the configuration file:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status
Now our firewall rules look like this:
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
990/tcp ALLOW Anywhere
20/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
40000:50000/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
20/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
990/tcp (v6) ALLOW Anywhere (v6)
40000:50000/tcp (v6) ALLOW Anywhere (v6)
With vsftpd installed and the necessary ports open, we're ready to proceed to the next step.
Step 3 — Preparing the User Directory
For this tutorial, we're going to create a user, but you may already have a user in need of FTP
access. We'll take care to preserve an existing user’s access to their data in the instructions that
follow. Even so, we recommend you start with a new user until you've configured and tested
your setup.
First, we’ll add a test user:
sudo adduser runner1 (already created in the previous step)
Create the ftp folder, set its ownership, and be sure to remove write permissions with the
following commands:
sudo mkdir /home/sawitpro/ftp
sudo chown nobody:nogroup /home/sawitpro/ftp
sudo chmod a-w /home/sawitpro/ftp
Verify the permissions:
sudo ls -la /home/sawitpro/ftp
Output
total 8
4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
4 drwxr-xr-x 3 sawitpro sawitpro 4096 Aug 24 21:29 ..
Next, we'll create the directory where files can be uploaded and assign ownership to the user:
sudo mkdir /home/sawitpro/ftp/files
sudo chown sawitpro:sawitpro /home/sawitpro/ftp/files
A permissions check on the files directory should return the following:
sudo ls -la /home/sawitpro/ftp
Output
total 12
dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
drwxr-xr-x 3 sammy sammy 4096 Aug 26 13:59 ..
drwxr-xr-x 2 sammy sammy 4096 Aug 26 14:01 files
Finally, we'll add a test.txt file to use when we test later on:
echo "vsftpd test file" | sudo tee /home/sawitpro/ftp/files/test.txt
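A pre-flight check for the layout built in this step (an added example, not part of the tutorial or of vsftpd; check_ftp_layout and make_sample_tree are assumed names): vsftpd refuses to run with a writable chroot root, so the ftp directory must carry no write bit at all, while the files directory below it must be writable by its owner. The check runs on a constructed temporary tree rather than on /home/sawitpro.

```shell
#!/bin/sh
# Verifies the Step 3 layout: chroot root (ftp) with no write bit anywhere,
# upload directory (ftp/files) writable by its owner.
# check_ftp_layout and make_sample_tree are assumed names for this example.

# mode_string DIR: the nine permission characters of DIR, e.g. r-xr-xr-x
mode_string() {
    ls -ld "$1" | cut -c2-10
}

# check_ftp_layout CHROOT_DIR UPLOAD_SUBDIR
# Prints "ok" or a description of the first problem found.
check_ftp_layout() {
    root=$1; upload=$1/$2
    [ -d "$root" ] || { echo "missing chroot dir $root"; return 0; }
    case "$(mode_string "$root")" in
        *w*) echo "chroot root $root is writable (run: chmod a-w $root)"; return 0 ;;
    esac
    [ -d "$upload" ] || { echo "missing upload dir $upload"; return 0; }
    case "$(mode_string "$upload")" in
        ?w*) echo ok ;;                      # owner write bit is set
        *)   echo "upload dir $upload is not writable by its owner" ;;
    esac
}

# Constructed sample tree in a temp dir, mirroring the tutorial's layout
# (ownership is not changed here, since chown needs root).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/ftp/files"
    chmod 755 "$d/ftp/files"
    chmod a-w "$d/ftp"
    echo "$d/ftp"
}

# Example run: a correctly prepared tree reports ok.
SAMPLE=$(make_sample_tree)
check_ftp_layout "$SAMPLE" files     # prints: ok
```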
Step 4 — Configuring FTP Access
We're planning to allow a single user with a local shell account to connect with FTP. The two
key settings for this are already set in vsftpd.conf. Start by opening the config file to verify
that the settings in your configuration match those below:
sudo nano /etc/vsftpd.conf
Edit
write_enable=YES
chroot_local_user=YES
Add a user_sub_token so that the username is inserted into the local_root directory path; this way the
configuration works for this user and for any future users that might be added:
user_sub_token=$USER
local_root=/home/$USER/ftp
Limit the range of ports that can be used for passive FTP so that enough connections are
available:
pasv_min_port=40000
pasv_max_port=50000
Since we’re only planning to allow FTP access on a case-by-case basis, we’ll set up the
configuration so that access is given to a user only when they are explicitly added to a list rather
than by default:
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
pam_service_name=ftp
Save (Ctrl-O)
userlist_deny toggles the logic. When it is set to "YES", users on the list are denied FTP access.
When it is set to "NO", only users on the list are allowed access. When you're done making the
change, save and exit the file.
Finally, we’ll create and add our user to the file. We'll use the -a flag to append to file:
echo "sawitpro" | sudo tee -a /etc/vsftpd.userlist
Double-check that it was added as you expected:
cat /etc/vsftpd.userlist
Output
sawitpro
Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpd
Fixing vsftpd 530 Permission denied and 530 Login incorrect issues
Install vsftpd
$ yum install vsftpd
Enable the FTP service. Port 21 must be open to use FTP, and CentOS 7 uses firewalld instead of iptables, so
open the port with the following command:
$ firewall-cmd --zone=public --add-port=21/tcp --permanent
Don't forget to reload the firewall configuration:
$ firewall-cmd --reload
Start vsftpd
$ service vsftpd start
Solving the FTP 530 Permission denied problem
When testing the FTP login, 530 Permission denied is displayed; the userlist_enable value in the
configuration file needs to be changed to NO, and vsftpd restarted:
$ vi /etc/vsftpd/vsftpd.conf
userlist_enable=NO
$ service vsftpd restart
Test the FTP login again; it now reports 530 Login incorrect. Check the contents of /etc/pam.d/vsftpd, which
includes this line:
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
That line makes vsftpd reject every user listed in /etc/vsftpd/ftpusers, so open that file:
vi /etc/vsftpd/ftpusers
root is on the list, so delete root, save the file, and restart vsftpd:
$ service vsftpd restart
Login FTP successful!
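As an added example (not the tutorial's or vsftpd's own code; vsftpd_login_decision and the sample files are assumed), the script below models the two checks behind the configuration in Step 4 and the two 530 replies in the section above: vsftpd's userlist_enable/userlist_deny logic, evaluated before a password is sent, and the pam_listfile sense=deny line that rejects anyone in ftpusers after it. It assumes the pam_listfile line quoted above is present in the PAM configuration.

```shell
#!/bin/sh
# Offline model of the two gates behind the two 530 replies:
#  1. vsftpd's user list (userlist_enable/userlist_deny/userlist_file),
#     evaluated before any password is asked -> "530 Permission denied"
#  2. pam_listfile ... sense=deny file=ftpusers in /etc/pam.d/vsftpd,
#     evaluated after the password              -> "530 Login incorrect"
# vsftpd_login_decision and the sample files are constructed for this example.

# conf_get FILE KEY DEFAULT: last KEY=VALUE in a vsftpd.conf-style file.
conf_get() {
    v=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]')
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# in_list FILE USER: true when USER is a whole line of FILE.
in_list() {
    [ -f "$1" ] && grep -qx "$2" "$1"
}

# vsftpd_login_decision CONF FTPUSERS USER: prints the reply to expect.
vsftpd_login_decision() {
    conf=$1; ftpusers=$2; user=$3
    if [ "$(conf_get "$conf" userlist_enable NO)" = "YES" ]; then
        list=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
        deny=$(conf_get "$conf" userlist_deny YES)   # vsftpd's default is YES
        if in_list "$list" "$user"; then on_list=1; else on_list=0; fi
        # deny=YES rejects users ON the list; deny=NO rejects users NOT on it.
        if [ "$deny" = "YES" ] && [ "$on_list" = 1 ]; then echo "530 Permission denied"; return 0; fi
        if [ "$deny" = "NO" ] && [ "$on_list" = 0 ]; then echo "530 Permission denied"; return 0; fi
    fi
    if in_list "$ftpusers" "$user"; then echo "530 Login incorrect"; return 0; fi
    echo allowed
}

# Constructed stand-ins for /etc/vsftpd.conf, the user list and ftpusers.
setup_sample() {
    d=$(mktemp -d)
    printf 'userlist_enable=YES\nuserlist_file=%s/vsftpd.userlist\nuserlist_deny=NO\n' "$d" > "$d/vsftpd.conf"
    printf 'sawitpro\n' > "$d/vsftpd.userlist"
    printf 'root\nbin\n' > "$d/ftpusers"   # ftpusers ships with root on it
    echo "$d"
}

SAMPLE=$(setup_sample)
vsftpd_login_decision "$SAMPLE/vsftpd.conf" "$SAMPLE/ftpusers" sawitpro   # prints: allowed
vsftpd_login_decision "$SAMPLE/vsftpd.conf" "$SAMPLE/ftpusers" root       # prints: 530 Permission denied
```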