VSFTPD (Very Secure FTP Daemon) is an open-source FTP (File Transfer Protocol) server that is the default FTP server. VSFTPD is widely used for transferring files and is as secure as any competing FTP server. FTP allows a remote computer to connect to a server to retrieve or upload files. FTP at its best is a fast and well-established file-sharing platform.
We will also show you how to set up an FTP server on an Ubuntu server, configure vsftpd, restrict users to their home directory, and encrypt the entire transmission with SSL/TLS.
1- Installing vsftpd on Ubuntu 22.04
The vsftpd package is available in the Ubuntu repositories. To install it, execute the following commands.
$ sudo apt update
$ sudo apt install vsftpd
The FTP service will start automatically once the installation process is complete. To verify it, print the vsftpd service status with the following command.
$ sudo systemctl status vsftpd
2- Configure vsftpd server
The next step is to configure vsftpd and our FTP access. In this example, we will allow a single user to connect using a local shell account. The vsftpd server configuration is stored in the /etc/vsftpd.conf file. We will open the configuration file and make the changes needed for a secure vsftpd installation.
$ sudo nano /etc/vsftpd.conf
2.1- FTP Access
We’ll allow access to the FTP server only to local users. Search for the anonymous_enable and local_enable directives and verify that your configuration matches the lines below:
anonymous_enable=NO
local_enable=YES
2.2 – Enabling uploads
Search for and uncomment the write_enable directive to allow filesystem changes, such as uploading and removing files.
write_enable=YES
2.3 – Chroot jail
To prevent local FTP users from accessing files outside of their home directories, uncomment the line starting with chroot_local_user.
chroot_local_user=YES
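By default, for security reasons, when chroot is enabled, vsftpd will refuse to upload files if the directory that the users are locked in is writable. Add the following directives so that each user is locked into an ftp directory inside their home directory: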
user_sub_token=$USER
local_root=/home/$USER/ftp
The ftp directory inside the user's home will serve as the chroot, and an upload directory inside it will hold the uploaded files/data.
2.4 – Passive FTP Connections
By default, vsftpd uses active mode. To use passive mode, set the minimum and maximum range of ports:
pasv_min_port=30000
pasv_max_port=31000
pasv_min_port=40000
pasv_max_port=50000
2.5 – Limiting User Login
You can configure vsftpd to permit only certain users to log in. To do so, add the following lines at the end of the file.
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
3. Allowing FTP Traffic from the Firewall
Let’s first check whether a firewall is already installed. On Ubuntu, the ufw firewall is used to allow ports for inbound/outbound traffic.
3.1 – Check firewall status
First of all, we will verify the current firewall status with the following command.
$ sudo ufw status
3.2 – How to install ufw firewall
If the ufw firewall is not available, you need to install it first with the following command.
$ sudo apt-get install ufw
3.3 – How to allow ports in ufw firewall
If ufw is already installed and enabled, make sure FTP traffic is allowed. Execute the following commands one by one to allow the specific traffic to the server.
$ sudo ufw allow OpenSSH
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw allow 30000:31000/tcp
3.4 – Reload ufw firewall
Once the allow commands have been executed, reload the ufw firewall by disabling and re-enabling it so that the port rules take effect.
$ sudo ufw disable
$ sudo ufw enable
To verify the changes run:
$ sudo ufw status
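The check below is an added example, not part of the original tutorial: it audits a vsftpd.conf against the directives set in section 2 and compares the passive port range with the ranges opened in section 3.3. It assumes that vsftpd applies the last occurrence of a repeated directive; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumption: when a directive is repeated, the last occurrence takes effect.

# Print the effective (last) value of directive $2 in config file $1.
effective() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print, sorted, every directive that file $1 sets more than once.
duplicates() {
    awk -F= '/^[a-z_]+=/ { n[$1]++ }
             END { for (k in n) if (n[k] > 1) print k }' "$1" | sort
}

# Report directives whose effective value differs from the tutorial's;
# the return status is the number of mismatches (0 = all match).
audit() {
    bad=0
    for want in anonymous_enable=NO local_enable=YES chroot_local_user=YES \
                userlist_enable=YES userlist_deny=NO; do
        got=$(effective "$1" "${want%%=*}")
        [ "$got" = "${want#*=}" ] && continue
        echo "MISMATCH ${want%%=*}: got '${got:-unset}', want '${want#*=}'"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Print each firewall range (lo:hi, given after the file) that lies wholly
# outside the effective passive range: opened in ufw, not used for PASV.
unused_ranges() {
    conf=$1; shift
    min=$(effective "$conf" pasv_min_port); max=$(effective "$conf" pasv_max_port)
    for r in "$@"; do
        if [ "${r##*:}" -lt "$min" ] || [ "${r%%:*}" -gt "$max" ]; then echo "$r"; fi
    done
}

# Constructed sample: directives from sections 2.1 to 2.5, in page order.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' anonymous_enable=NO local_enable=YES chroot_local_user=YES \
    pasv_min_port=30000 pasv_max_port=31000 pasv_min_port=40000 \
    pasv_max_port=50000 userlist_enable=YES userlist_deny=NO > "$SAMPLE"

echo "set more than once: $(duplicates "$SAMPLE" | tr '\n' ' ')"
audit "$SAMPLE" && echo "access directives match the tutorial"
echo "opened but unused: $(unused_ranges "$SAMPLE" 40000:50000 30000:31000)"
```

Under that assumption, with the directives exactly as listed in section 2.4, the 30000:31000 range is opened in ufw but lies outside the passive range vsftpd ends up using.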
4. Creating FTP User
In this step we will create a user who will use FTP access.
$ sudo adduser a2zeducate
If the user to whom you want to grant FTP access already exists, skip this step.
4.1 – Add user to FTP user list
Next, we will add the user to the allowed FTP users list.
echo "a2zeducate" | sudo tee -a /etc/vsftpd.user_list
Create the FTP directory tree and set the correct permissions. If you have already configured “allow_writeable_chroot=YES” in the configuration file, skip the commands below that create the directories and grant access.
$ sudo mkdir -p /home/a2zeducate/ftp/upload
$ sudo chmod 550 /home/a2zeducate/ftp
$ sudo chmod 750 /home/a2zeducate/ftp/upload
$ sudo chown -R a2zeducate: /home/a2zeducate/ftp
At this point, the FTP server is fully functional. You should be able to connect to the server via the ftp command or using any FTP client that can be configured to use TLS encryption, such as FileZilla or WinSCP.
5. Disabling Shell Access
By default, a newly created user can access the server directly via SSH. To disable shell access, we will limit the account to FTP access only.
Run the following commands to create the /bin/ftponly file and make it executable.
echo -e '#!/bin/sh\necho "a2zeducate"' | sudo tee -a /bin/ftponly
sudo chmod a+x /bin/ftponly
Append the new shell to the list of valid shells in the /etc/shells file:
echo "/bin/ftponly" | sudo tee -a /etc/shells
Change the user shell to /bin/ftponly:
sudo usermod a2zeducate -s /bin/ftponly
6. Testing Connection with WinScp
To test the connection we will use the WinSCP FTP client. This is a good way to verify that the user can connect to the FTP server successfully.
1- Open the WinSCP FTP client application. The login dialog appears first, where you enter the user details to connect to the FTP server.
2- Fill in the login details that were created on the FTP server. Since we did not configure the vsftpd server to use TLS, we will select FTP as the protocol and “No encryption” as the encryption, so the login and the transferred files are sent unencrypted.
3- Finally, we will be able to connect to the FTP server by entering the correct login details.
Conclusion:
An Ubuntu FTP server gives us a secure and reliable method of transferring data from one computer to another.
In this tutorial, we learnt how to set up an FTP server on Ubuntu 22.04 using vsftpd with the following steps.
- Install vsftpd on your Ubuntu server and back up the original configuration file.
- Allow FTP connections through the firewall.
- Configure vsftpd.
- Create a user directory that can be accessed only by specified users.
- Test your FTP connection with WinScp FTP Client.