Installing FTP server Ubuntu

INSTALLING FTP SERVER LINUX UBUNTU

The Software is available from the official repositories, so installing FTP on Ubuntu Server shouldn’t be a problem. First, update the list of packages in the repositories, then install the program itself:

$ sudo apt update

$ sudo sudo apt install vsftpd

Once the installation is complete, you need to enable the vsftpd service as it won’t be started by default, and add the service to startup:

$ sudo systemctl start vsftpd

$ sudo sudo systemctl enable vsftpd

If you have the ufw firewall installed, which happens when you try to install FTP on Ubuntu Server, you need to open ports 20 and 21 for normal operation. To do this, run the commands:

$ sudo ufw allow 20/tcp

$ sudo ufw allow 21/tcp

$ sudo ufw status

Ubuntu FTP installation is complete, but now you have to configure everything you need to ensure secure operation. Never use an FTP server with default settings on production networks, it is not safe.

FTP Settings

Now let’s move on to the settings. We only need to change a few parameters to fully secure your FTP server. First, we will look at the most obvious settings: disabling anonymous login and so on. First you need to copy the original settings file in order to return everything as it was in case of problems:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

$ sudo vi /etc/vsftpd.conf

Then add these settings. You will need to find and change the values of the specified lines, adding new ones if they already exist is not worth it. First, disable anonymous login:
anonymous_enable = NO

We allow using local usernames for login:local_enable = YES

Permission to write files:write_enable = YES

Set the umask value for new files created via FTP:local_umask = 022

We include a message about the need to select a directory after registration:dirmessage_enable = YES

Log all file transfer transactions to a log file and use the standard log format:
xferlog_enable = YES;xferlog_std_format=YES

Use port 20 for data transfer instead of random, this is necessary for the normal operation of the firewall:connect_from_port_20 = YES

Specify that you need to wait for incoming connections:listen=YES

Use PAM libraries:pam_service_name=vsftpd

Allow authentication only for users listed in the userlist file:userlist_enable = YES

Specify the file with our virtual users:userlist_file=/etc/vsftpd.userlist

By default, such users are not allowed to log in, but we want the opposite, so add this line:userlist_deny=NO

When users log on to an FTP server, they can only work in the FTP root directory. If you want users to be limited to their home folder only, then you need to uncomment these lines:
chroot_local_user = YES;allow_writeable_chroot = YES

The Ubuntu FTP setup is almost complete, save the changes to the config file and restart vsftpd:

$ sudo systemctl restart vsftpd

The server is ready, but the system is not fully configured yet. First, let’s create our test user with useradd:

$ sudo useradd -m -c “ftpuser” -s /bin/bash ftpuser

$ sudo passwd ftpuser

Since we want to connect on his behalf to the FTP server, we need to add him to vsftpd.userlist:

$ echo “testuser” | sudo tee -a /etc/vsftpd.userlist

Now you can connect to the ftp server on behalf of the user: ftpuser

USER HOME FOLDER SETUP

First, let’s create a folder like this for our user:

$ sudo mkdir -p /home/ftpuser/ftp

Let’s remove the write permission for the ftp folder:

$ sudo chown nobody:nogroup /home/ftpuser/ftp

$ sudo chmod a-w /home/ftpuser/ftp

Then give the necessary permissions to the user to write to the subfolder.

$ sudo chown -R testuser:testuser /home/ftpuser/ftp

$ sudo chmod -R 0770 /home/ftpuser/ftp/

Now back to the vsftpd.conf configuration file. First comment out the line:
allow_writeable_chroot = YES

Now add these lines:
user_sub_token = $USER ;
local_root=/home/$USER/ftp

The first one adds the $USER variable, which contains the username, and the second one sets the root folder for each user. It remains to restart the FTP server again:

$ sudo systemctl restart vsftpd

Now you can log in again as this user and you will see that the folder we specified is now used.