Master Linux File Sharing: VSFTPD, Samba, NFS & iSCSI Step‑by‑Step

Table of Contents

Configure anonymous FTP server

Configure local user FTP server

Configure mixed anonymous and local FTP

Configure virtual user FTP server

OpenSSL+FTP encrypted transfer

Anonymous Samba configuration

Password‑protected Samba configuration

NFS server configuration

NFS client configuration

Configure iSCSI server

Configure Linux iSCSI client

Linux provides several file‑sharing mechanisms—Samba, VSFTPD, iSCSI, and NFS. The following sections detail how to install, configure, and use each service.

VSFTP File Transfer

FTP is a plain‑text protocol; VSFTPD is a hardened version with better security.

Runs as a normal user, reducing process privileges.

Requires higher‑privilege commands to be approved by the parent program.

Integrates most FTP commands, eliminating the need for extra system utilities.

Supports chroot to restrict users to their home directories.

Connection types: control (TCP 21) and data (TCP 20). Active and passive modes differ in firewall traversal.

Configure Anonymous FTP Server

Allows any user to connect using the username ftp.

anonymous_enable=YES
anon_umask=022
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_max_rate=0

Installation and service start:

yum install -y vsftpd
vim /etc/vsftpd/vsftpd.conf   # add the above parameters and uncomment them
systemctl start vsftpd
systemctl enable vsftpd

Configure Local‑User FTP Server

Requires a valid system username and password.

local_enable=YES
local_umask=022
local_root=/var/ftp
chroot_local_user=YES
local_max_rate=0
ftpd_banner=Welcome to blah FTP service
banner_file=/path/to/banner
userlist_enable=YES
userlist_deny=YES   # deny users listed in /etc/vsftpd/user_list

Installation and service start are identical to the anonymous case.

Configure Mixed Anonymous and Local FTP

Combines the previous settings so anonymous users can view shared data while authenticated users have private storage.

# same VSFTPD installation steps
anonymous_enable=YES
anon_umask=022
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_max_rate=0

local_enable=YES
local_root=/ghost
chroot_local_user=YES
write_enable=YES
local_umask=022

Configure Virtual‑User FTP Server

Uses a database to store virtual accounts, avoiding the creation of many system users.

anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Install required packages, create /etc/vsftpd/vlogin with alternating lines of usernames and passwords, convert it to a Berkeley DB file, set permissions, and adjust PAM configuration:

yum install -y libdb-utils vsftpd
vim /etc/vsftpd/vlogin
# add:
Lyshark
123456
db_load -T -t hash -f /etc/vsftpd/vlogin /etc/vsftpd/vlogin.db
chmod 600 /etc/vsftpd/{vlogin,vlogin.db}
vim /etc/pam.d/vsftpd.pam
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vlogin
useradd -s /sbin/nologin -d /home/ftp virtual
vim /etc/vsftpd/vsftpd.conf   # enable guest_enable and set guest_username=virtual
systemctl start vsftpd
systemctl enable vsftpd

OpenSSL + FTP Encrypted Transfer

Generate a self‑signed certificate and enable SSL in VSFTPD.

# Check OpenSSL
rpm -q openssl

# Generate key and certificate
openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem
# Copy to /etc/ssl/certs and restrict permissions
cp -a vsftpd.pem /etc/ssl/certs/
chmod 500 /etc/ssl/certs/
# Add to VSFTPD config
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
allow_anon_ssl=YES
force_anon_logins_ssl=YES
force_anon_data_ssl=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

# Restart the service as before
systemctl restart vsftpd
systemctl enable vsftpd

Samba File Sharing

Samba implements SMB/CIFS for cross‑platform file sharing. It differs from FTP by allowing online file editing.

Anonymous Samba Configuration

Share a directory without authentication.

# Install Samba
yum install -y samba samba-client
mkdir /smb_file
chmod 755 -R /smb_file
vim /etc/samba/smb.conf

[global]
    workgroup = SAMBA
    security = user
    map to guest = Bad User

[smb_file]
    comment = hello guest
    path = /smb_file
    browseable = yes
    guest ok = yes
    writable = yes
    public = yes

Restart and enable the service:

systemctl restart smb
systemctl enable smb

Password‑Protected Samba Configuration

Create a system user and map it to a Samba account.

# Install Samba (if not already)
yum install -y samba samba-client
mkdir /smb_file
chmod 755 -R /smb_file
vim /etc/samba/smb.conf

[global]
    workgroup = SAMBA
    security = user
    map to guest = Bad User

[smb_file]
    comment = hello admin
    path = /smb_file
    browseable = yes
    guest ok = no
    writable = yes

Create users:

useradd -M -s /sbin/nologin admin
smbpasswd -a admin
useradd -M -s /sbin/nologin guest
pdbedit -a guest
pdbedit -L   # list Samba users
systemctl restart smb
systemctl enable smb

Linux client access:

smbclient -U admin -L //SERVER_IP
smbclient -U admin //SERVER_IP/smb_file
mount -t cifs //SERVER_IP/smb_file /mnt -o username=admin,password=YOURPASS

NFS File Sharing

NFS enables network‑transparent file access between Unix‑like systems. Versions 2, 3, and 4 differ in features; RHEL 7 defaults to v4.

NFSv2 – legacy, high compatibility.

NFSv3 – faster, larger files, TCP support.

NFSv4 – stateful, easier tracking, enhanced security.

Key daemons: rpcbind, nfs, rpc.mountd.

NFS Server Configuration

Open firewall ports and install packages:

firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --add-service=rpc-bind --permanent
yum install -y rpcbind nfs-utils*
mkdir -p /public
chmod o+rw /public
chcon -R -t public_content_t /public
vim /etc/exports
# Add line:
 /public 192.168.1.0/24(rw,sync)
systemctl restart nfs
systemctl restart rpcbind
systemctl enable nfs
systemctl enable rpcbind
systemctl restart nfs-server
systemctl enable nfs-server

NFS Client Configuration

Install client tools, create mount point, and mount manually or via /etc/fstab.

yum install -y rpcbind nfs-utils*
mkdir -p /mnt/nfsmount
chcon -R -t public_content_t /mnt/nfsmount
mount -t nfs -o rw,sync 192.168.1.5:/public /mnt/nfsmount
# Add to /etc/fstab for auto‑mount
192.168.1.5:/public /mnt/nfsmount nfs defaults 0 0

Useful commands:

nfsstat, rpcinfo, showmount, exportfs – manage and monitor NFS exports.

NFS Permission Option

Description

ro

Read‑only share

rw

Read‑write share

sync

Synchronous writes

async

Asynchronous writes

wdelay

Delay write operations

root_squash

Map remote root to anonymous UID

no_root_squash

Do not squash remote root

all_squash

Map all remote users to anonymous UID

iSCSI Disk Sharing

iSCSI transports SCSI commands over TCP/IP, allowing block‑level storage sharing.

Configure iSCSI Server

Install and start the target daemon.

yum install -y targetd targetcli
systemctl restart targetd
systemctl enable targetd

targetcli   # interactive shell
/backstores/block create disk0 /dev/sdb
/iscsi create
cd iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.8c7dcc63aea8
tpg1/luns create /backstores/block/disk0
tpg1/acls create iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.8c7dcc63aea8:client
tpg1/portals delete 0.0.0.0 3260
tpg1/portals create 192.168.1.20
exit

systemctl restart targetd
systemctl enable targetd

Configure Linux iSCSI Client

Set the initiator name to match the server ACL, then discover and log in.

vim /etc/iscsi/initiatorname.iscsi
# Add line:
InitiatorName=iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.8c7dcc63aea8:client
systemctl restart iscsid
systemctl enable iscsid
iscsiadm -m discovery -t st -p 192.168.1.20
iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.8c7dcc63aea8 -p 192.168.1.20 --login
mkfs.xfs /dev/sdb
mkdir /network-disk
mount /dev/sdb /network-disk
# Add to /etc/fstab for auto‑mount
UUID=ff233cc4-2255-4973-a686-9d394384faf6 /network-disk xfs defaults,_netdev 0 0
mount -a

Windows iSCSI Client

Use the built‑in iSCSI Initiator: add the target IP, edit the target name to include :client, connect, and then format the new disk in Disk Management.