How to Install and Configure an FTP Server in Ubuntu

File Transfer Protocol (FTP) is one of the most widely used network protocols for uploading/downloading files between two computers over a network. It is one of the older methods available and is insecure by its original nature, because it transmits the data together with the user credentials (username & password) in plain text without using encryption.

Warning

If you are planning to use FTP I would highly advise configuring the FTP server to use SSL/TLS for its connections. This will greatly enhance the security of both the data and the credentials as they will be encrypted when sent back and forth between the computers.

You can configure SSL/TLS once you have performed the basic steps below. You can click on the link below to follow my guide.

Securing FTP Server with SSL/TLS (Link)

In this article, I will show you how to install, configure, secure and test an FTP server in Ubuntu. We will be installing “Very Secure FTP Daemon” (VSFTPD for short) which provides a powerful and secure solution.

Step 1: Installing VSFTPD Server In Ubuntu

  1. Update the system package sources and then install the VSFTPD package by typing the following commands:
    $ sudo apt-get update
    $ sudo apt-get install vsftpd
  2. Once the installation completes the VSFTPD service will be disabled by default. By typing the following commands we can start the VSFTPD service and configure it to start automatically each time you boot your server:
    $ sudo systemctl start vsftpd
    $ sudo systemctl enable vsftpd
  3. If you have UFW Firewall enabled (by default it is not enabled) then you need to open ports 20 and 21 so that remote machines can access the FTP server. You can add the firewall rules, if needed, by typing the following commands:
    $ sudo ufw allow 20/tcp
    $ sudo ufw allow 21/tcp
    $ sudo ufw status

Step 2: Configuring & Securing VSFTPD Server

  1. Before we make any changes to the default configuration file ( /etc/vsftpd.conf ) for VSFTPD let’s make a backup by typing the following command:
    $ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
  2. With a backup made we can open the VSFTPD configuration file for editing using either VI or NANO. Depending on your choice type one of the following commands:
    $ sudo vi /etc/vsftpd.conf
    
    OR
    
    $ sudo nano /etc/vsftpd.conf
  3. Next we need to either add or modify the following lines within the configuration file. If an option already exists you may need to uncomment it by removing the # at the start of the line and/or set it to the correct value. If it does not exist, add the whole line. When you are finished, save the file and exit your editor:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
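    # Standalone mode on IPv4: with listen and listen_ipv6 both NO, vsftpd expects to be started from inetd
    listen=YES
    listen_ipv6=NO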
    pam_service_name=vsftpd
    tcp_wrappers=YES
    userlist_enable=YES
    userlist_file=/etc/vsftpd.userlist
    userlist_deny=NO
    chroot_local_user=YES
    allow_writeable_chroot=NO
    user_sub_token=$USER
    local_root=/home/$USER/ftp
    NOTES

    By default, users listed in /etc/vsftpd.userlist are denied login access to the FTP server but by setting “userlist_deny=NO” in the configuration file we reverse this by allowing users listed in the file and denying access to anyone not in it.
  4. With the basic configuration now set we need to restart the VSFTPD services with the following command:
    $ sudo systemctl restart vsftpd

Step 3: Setting Up Users & Home Directories

  1. To create a new FTP user we can use the “useradd” command as below replacing USERNAME with the desired username you want for the new user account. Using the “passwd” command we can set the password for the new account:
    $ sudo useradd -m USERNAME
    $ sudo passwd USERNAME
  2. For the new account to be able to login to the FTP server we need to explicitly add it to the /etc/vsftpd.userlist file and check it has been added with the following commands, remembering to replace USERNAME with the actual username you created above:
    $ echo "USERNAME" | sudo tee -a /etc/vsftpd.userlist
    $ cat /etc/vsftpd.userlist
  3. We now need to create an alternative FTP local root directory for the newly created user and set its permissions so that no user can write to it. Type the following commands, remembering to replace USERNAME with the actual username:
    $ sudo mkdir /home/USERNAME/ftp
    $ sudo chown nobody:nogroup /home/USERNAME/ftp
    $ sudo chmod a-w /home/USERNAME/ftp
    NOTES

    When users log in to the FTP server, they are placed in a chrooted jail. This is the local root directory, which will act as their home directory for the FTP session only.

    Setting the option allow_writeable_chroot=NO in the VSFTPD configuration file means that we must make the chroot directory we created above non-writable to all users. This is an important security feature: if we allowed the chroot directory to be writable, then users that have upload permissions, or more so shell access, could do things you don’t want them to do. This is not a problem specific to VSFTPD, but something that affects all FTP daemons using chroot jails.

  4. With the user’s chroot directory created and set to be non-writable, we need to provide the user with a directory inside the chroot directory where they can store their files. Type the following commands, remembering to replace USERNAME with the actual username you created:
    $ sudo mkdir /home/USERNAME/ftp/files
    $ sudo chown -R USERNAME:USERNAME /home/USERNAME/ftp/files
    $ sudo chmod -R 0770 /home/USERNAME/ftp/files/
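
The login restrictions from Step 2 and the non-writable chroot directory from Step 3 can be checked with a short script. This is an added example, not part of the original guide: the function names and the sample config it builds in a temporary directory are constructed for illustration, and it assumes vsftpd uses the last assignment of an option and that GNU stat is available.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf and the chroot directory against Steps 2-3.

# Login and chroot restrictions this guide sets in Step 2.
REQUIRED="anonymous_enable=NO userlist_enable=YES userlist_deny=NO
chroot_local_user=YES allow_writeable_chroot=NO"

# Print the value of option $2 in config file $1, upper-cased. Commented lines
# never match; the last assignment wins (assumption: lines apply in file order).
conf_value() {
    awk -v key="$2" 'index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
                     END { print toupper(val) }' "$1"
}

# Print one FAIL line for each required option in file $1 that is unset or
# has a different value. An unset option is flagged rather than assumed safe.
audit_conf() {
    for want in $REQUIRED; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(conf_value "$1" "$key")
        [ "$actual" = "$expected" ] ||
            echo "FAIL $key: expected $expected, found ${actual:-unset}"
    done
}

# Succeed only if directory $1 has no write bit for owner, group or other,
# which is the state "chmod a-w" leaves behind. Uses GNU stat (Ubuntu default).
chroot_not_writable() {
    mode=$(stat -c %a "$1") || return 2
    [ $(( 0$mode & 0222 )) -eq 0 ]
}

# Constructed sample: anonymous login left on, userlist_deny missing (so the
# userlist still acts as a deny list), and a chroot directory left writable.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#anonymous_enable=NO' 'anonymous_enable=YES' \
        'userlist_enable=YES' 'chroot_local_user=YES' \
        'allow_writeable_chroot=NO' > "$tmp/vsftpd.conf"
    mkdir "$tmp/ftp"; chmod 755 "$tmp/ftp"
    audit_conf "$tmp/vsftpd.conf"
    chroot_not_writable "$tmp/ftp" || echo "FAIL $tmp/ftp is writable"
    chmod a-w "$tmp/ftp"
    chroot_not_writable "$tmp/ftp" && echo "OK   $tmp/ftp after chmod a-w"
    rm -rf "$tmp"
}
demo
```

On a real server, call audit_conf /etc/vsftpd.conf and chroot_not_writable /home/USERNAME/ftp instead of demo.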

Step 4: Testing

  1. To begin testing we will first try to connect to the FTP server using an anonymous login. Type the command below, replacing IPADDRESS with the correct IP address for your Ubuntu server and entering anonymous where the USERNAME placeholder is. The FTP server should fail the login with a response similar to the following:
    $ ftp IPADDRESS
    Connected to 192.168.1.10 (192.168.1.10).
    220 Welcome to FTP service.
    Name (192.168.1.10:root) : USERNAME
    530 Permission denied.
    Login failed.
    ftp> bye
    221 Goodbye.

    This is exactly the result that we wanted. Allowing anonymous logins means that anyone could connect to your FTP server without a username or password. This is a security issue and generally not something that you would want.

  2. Next, we can test whether a user not listed in the /etc/vsftpd.userlist file will be granted permission to log in. With our configuration we would expect them to be denied access too. You will need to use a different username to the one you created earlier in this guide, for example the username you are logged into your Ubuntu server with. Type the command below, replacing IPADDRESS with the correct IP and entering a username that is not in the file where the USERNAME placeholder is:
    $ ftp IPADDRESS
    Connected to 192.168.1.10 (192.168.1.10).
    220 Welcome to FTP service.
    Name (192.168.1.10:root) : USERNAME
    530 Permission denied.
    Login failed.
    ftp> bye
    221 Goodbye.
  3. Finally, we can test whether the FTP user we created earlier can successfully connect and see the “files” directory we created in their chroot directory. Type the following command, replacing IPADDRESS with the correct IP and entering the username that you created earlier where the USERNAME placeholder is. You will also need to enter the password you set for that account. You should be allowed access to the FTP server, and if you type ls at the “ftp>” prompt you should see the directory “files” listed:
    $ ftp IPADDRESS
    Connected to 192.168.1.10 (192.168.1.10).
    220 Welcome to FTP service.
    Name (192.168.1.10:root) : USERNAME
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp> ls
  4. You can now proceed to connect to the FTP server from any computer using an FTP Client and upload/download files.

 

Sgt. Imhotep
