How to Install VSFTPD on AlmaLinux 9

Very Secure FTP Daemon (VSFTPD) is an FTP daemon that establishes a secure connection to FTP Server by creating a secure tunnel that encrypts data flow to and from FTP Server.It has been available for many years now. This protects files being uploaded or downloaded from hackers thus enforcing end-to-end encryption between the user and FTP Server.

Installing VSFTPD

To enable FTP on your VPS, you will first need to install the VSFTPD package with the following command.

dnf install vsftpd -y

Once the installation is complete, We start the vsftpd service and enable it to start automatically at system boot.

systemctl start vsftpd
systemctl enable vsftpd


[root@crowncloud ~]# systemctl enable vsftpd
[root@crowncloud ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/vsftpd.service.

Next, We open the FTP port on the system firewall to allow access to the FTP service from external systems.

firewall-cmd --add-service=ftp --permanent --zone=public

firewall-cmd --reload


[root@crowncloud ~]# firewall-cmd --add-service=ftp --permanent --zone=public
[root@crowncloud ~]# firewall-cmd --reload
[root@crowncloud ~]#

However, if you see the following error when applying any rules from the firewalld command,

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: Invalid argument

Creating an FTP user

Create an FTP user and create a password for that user.

First, We add the user,

adduser test

Next, we set-up a password for the user,

passwd test


[root@crowncloud ~]# adduser test
[root@crowncloud ~]# passwd test
Changing password for user test.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@crowncloud ~]#

Testing the FTP connection

Finally test FTP connection using FileZilla or WinSCP Client softwares.

Input your Server's IP or Hostname in the Host Field, the Name of the FTP user created earlier in the Username Field, and finally your Password.

If you have configured a different port for this, you will have to mention it in the Port Field.


Debugging COMMAND FAILED Error

You can resolve it by switching the firewall backend from nftables to iptables. Follow the steps below:

Open the firewall configuration file using the following command:

vi /etc/firewalld/firewalld.conf

In the configuration file, locate the line:


and change it to:


Save the changes and exit the text editor.

Restart the firewalld service:

systemctl restart firewalld

Now, the firewall backend should be switched to iptables, and you should be able to reload the firewall without encountering the previous error.

firewall-cmd --reload