INSTALLING FTP SERVER LINUX UBUNTU
The Software is available from the official repositories, so installing FTP on Ubuntu Server shouldn’t be a problem. First, update the list of packages in the repositories, then install the program itself:
$ sudo apt update
$ sudo sudo apt install vsftpd
Once the installation is complete, you need to enable the vsftpd service as it won’t be started by default, and add the service to startup:
$ sudo systemctl start vsftpd
$ sudo sudo systemctl enable vsftpd
If you have the ufw firewall installed, which happens when you try to install FTP on Ubuntu Server, you need to open ports 20 and 21 for normal operation. To do this, run the commands:
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw status
Ubuntu FTP installation is complete, but now you have to configure everything you need to ensure secure operation. Never use an FTP server with default settings on production networks, it is not safe.
FTP Settings
Now let’s move on to the settings. We only need to change a few parameters to fully secure your FTP server. First, we will look at the most obvious settings: disabling anonymous login and so on. First you need to copy the original settings file in order to return everything as it was in case of problems:
$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
$ sudo vi /etc/vsftpd.conf
Then add these settings. You will need to find and change the values of the specified lines, adding new ones if they already exist is not worth it. First, disable anonymous login:
anonymous_enable = NO
We allow using local usernames for login:local_enable = YES
Permission to write files:write_enable = YES
Set the umask value for new files created via FTP:local_umask = 022
We include a message about the need to select a directory after registration:dirmessage_enable = YES
Log all file transfer transactions to a log file and use the standard log format:
xferlog_enable = YES;xferlog_std_format=YES
Use port 20 for data transfer instead of random, this is necessary for the normal operation of the firewall:connect_from_port_20 = YES
Specify that you need to wait for incoming connections:listen=YES
Use PAM libraries:pam_service_name=vsftpd
Allow authentication only for users listed in the userlist file:userlist_enable = YES
Specify the file with our virtual users:userlist_file=/etc/vsftpd.userlist
By default, such users are not allowed to log in, but we want the opposite, so add this line:userlist_deny=NO
When users log on to an FTP server, they can only work in the FTP root directory. If you want users to be limited to their home folder only, then you need to uncomment these lines:
chroot_local_user = YES;allow_writeable_chroot = YES
The Ubuntu FTP setup is almost complete, save the changes to the config file and restart vsftpd:
$ sudo systemctl restart vsftpd
The server is ready, but the system is not fully configured yet. First, let’s create our test user with useradd:
$ sudo useradd -m -c “ftpuser” -s /bin/bash ftpuser
$ sudo passwd ftpuser
Since we want to connect on his behalf to the FTP server, we need to add him to vsftpd.userlist:
$ echo “testuser” | sudo tee -a /etc/vsftpd.userlist
Now you can connect to the ftp server on behalf of the user: ftpuser
USER HOME FOLDER SETUP
First, let’s create a folder like this for our user:
$ sudo mkdir -p /home/ftpuser/ftp
Let’s remove the write permission for the ftp folder:
$ sudo chown nobody:nogroup /home/ftpuser/ftp
$ sudo chmod a-w /home/ftpuser/ftp
Then give the necessary permissions to the user to write to the subfolder.
$ sudo chown -R testuser:testuser /home/ftpuser/ftp
$ sudo chmod -R 0770 /home/ftpuser/ftp/
Now back to the vsftpd.conf configuration file. First comment out the line:
allow_writeable_chroot = YES
Now add these lines:
user_sub_token = $USER ;
local_root=/home/$USER/ftp
The first one adds the $USER variable, which contains the username, and the second one sets the root folder for each user. It remains to restart the FTP server again:
$ sudo systemctl restart vsftpd
Now you can log in again as this user and you will see that the folder we specified is now used.