File Transfer Protocol, commonly known as FTP, is a communication network protocol that is used to transfer files on a remote network. FTP is not encrypted by default. You can set up and configure FTP Server on Ubuntu in minutes.
The most widely used protocols are PureFTPd, ProFTPD, and VS. Although FTP is a very famous protocol, it is not encrypted by default. For more secure and faster data transfer, use SCP or SFTP.
This tutorial will cover how to set up FTP Server with VSFTPD on the Ubuntu system. It will also show you how to configure the FTP server to restrict users to their home directory. The steps have been numbered for your convenience.
What You’ll Need
For this tutorial, you will need a Ubuntu system. Additionally, you must have an account with sudo access or a root account. To become a sudo user, you simply have to use the sudo keyword with all the commands that you execute.
1. Updating Packages
The first step is to update the packages and install VSFTPD. You can execute both commands separated by
&&. The first command will update the packages, latest version, and dependencies.
The second command will download and install VSFTPD. It will execute only when the first command is executed successfully.
sudo apt update && sudo apt install VSFTPD
Press Y+Enter when asked to continue.
Secondly, check the status using this command.
sudo service VSFTPD status
It should show that the service is active and running.
2. Configure Firewall
It is important to enable a ufu firewall on your system for FTP. You will also enable a couple of other ports.
Firstly, make sure you add a rule for SSH (Port 22). Otherwise, you may get locked out of your server if you’re connected remotely.
Use the command given below to add a rule for SSH.
sudo ufw allow OpenSSH
After that, open ports 20 and 21 for FTP. In addition, enable ports 40000-50000 for passive FTP. At this stage, also open port 990 for TLS, which you will set up later.
sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 40000:50000/tcp sudo ufw allow 990/tcp
Now, enable the firewall if it isn’t already. But first, you will disable it and then enable it as shown below:
sudo ufw disable sudo ufw enable
To check the status of the firewall, run the command given below:
sudo ufw status
If the firewall is running, you should see
Status: active and the firewall rules we just added.
3. Create FTP User to Set up FTP Server on Ubuntu
Now that the FTP Server is set up, it is time to create a new user. Run the command given below to set up a new FTP Server:
sudo adduser ftpuser
Generate a strong password and do not share it with anyone.
Additionally, you should disable their SSH access if you only want ftpuser to log in via FTP. You can disable the access by blacklisting their username in the SSH config file.
Open the SSH config in nano as shown below:
sudo nano /etc/ssh/sshd_config
Next, add the following to the bottom of the file replacing ftpuser with the user you want to deny SSH and SFTP access.
After that, save the file by hitting Ctrl+X. It will ask you to save the file with the same name. Hit Y+Enter key to exit.
Lastly, restart the SSH service.
sudo service sshd restart
4. Give Permissions to the Directory
After you have added the user, you can now allow the user to view and upload files. At this stage, we are assuming that the FTP user already exists. So there is no need to create a new user.
VSFTPD uses chroot jails so that users cannot access the home directory. It also ensures that the home directory is not writable. If you plan on using this FTP user account to upload files to a web server, continue to Step 4.1. If you want to upload to a home folder, skip to Step 4.2.
First, you will add the user to the list in the configuration file. Run the command given below:
echo "newftpuser" | sudo tee -a /etc/VSFTPD.user_list
ftp directory tree and set the correct permissions :
sudo mkdir -p /home/newftpuser/ftp/upload sudo chmod 550 /home/newftpuser/ftp sudo chmod 750 /home/newftpuser/ftp/upload sudo chown -R newftpuser: /home/newftpuser/ftp
At this point, your FTP server should be fully functional. Connecting to the server using any FTP client that can be configured to use TLS encryption such as FileZilla should be possible now.
Now you can configure the user to upload files to the directory. There are two ways in which FTP users can upload files: web server and home folder. Let’s look at each step in detail.
4.1 Upload Files on Web Server Using FTP Server
For this step, set the folder above the document root as the home directory. To set the folder for FTP users, run the command given below:
sudo usermod -d /var/www ftpuser
Next, set ownership of the root directory to ftpuser. This will allow our FTP user to write and alter files in the document root directory.
sudo chown ftpuser:ftpuser /var/www/html
Now, skip to Step 5 to configure VSFTPD.
4.2 Upload Files on Home Directory Using FTP Server
This will allow the user to upload files to the home directory. For this step, create a new directory called ftp in the user’s home directory. Additionally, you will create a directory within
ftp directory called files. Run the command given below:
sudo mkdir /home/ftpuser/ftp
Instead of ftpuser, type your FTP user name. In this tutorial, we have named our user as ftpuser.
Set the ownership of the
ftp directory to
sudo chown nobody:nogroup /home/ftpuser/ftp
The next step is to set permissions for the
ftp directory. For this step, you will use
chmod command. Set it as “
a-w“, so that it is not writable by anyone, otherwise, you cannot log in as VSFTPD will not allow it.
sudo chmod a-w /home/ftpuser/ftp
Next, you will create a new directory. This directory will be created within
ftp directory where the user can view and upload files.
sudo mkdir /home/ftpuser/ftp/files
Lastly, you will assign ownership of this directory to your new FTP user.
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files
5. VSFTPD Configuration
There are a few changes we have to make to the VSFTPD configuration file before you can start using FTP on Ubuntu 20.04/20.10.
Firstly, rename the config file.
sudo mv /etc/VSFTPD.conf /etc/VSFTPD.conf.bak
Secondly, create a new config file with nano editor.
sudo nano /etc/VSFTPD.conf
Paste in the following:
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/VSFTPD/empty pam_service_name=VSFTPD force_dot_files=YES pasv_min_port=40000 pasv_max_port=50000
If you followed method 4.2 previously and only want this user to upload files to the home folder, you must tell VSFTPD that the
local_root is the
/ftp folder we created earlier. Don’t add these two lines if you want the user to upload to the web document root!.
etc/VSFTPD.conf user_sub_token=$USER local_root=/home/$USER/ftp
Finally, you are done with VSFTPD.conf
After that, save the file by pressing Ctrl+X. Hit the Y key to save the file with the same name, and press Enter to exit.
Lastly, restart VSFTPD.
sudo systemctl restart VSFTPD
6. Test FTP Server on Ubuntu
You can now test the server to see if it is functioning. For this, it is recommended to use FileZilla. It works on all major operating systems. You can download it from its website and install it.
After the installation, just run the software.
Enter your server’s IP, your FTP username, and the password you created earlier, and click “Quickconnect”.
Above you can see we have connected successfully, and the webroot directory is displayed, though this may be different on your server.
Try uploading, creating, and editing folders and files within the webroot directory to ensure permissions are working correctly.
7. Secure FTP with TLS
It is a recommended step! As we discussed above, FTP is not encrypted by default. It means that the files you transferred are vulnerable. To address it, you should connect to VSFTPD using FTPS (FTP over SSL/TLS).
For this step, we will first create a certificate with the OpenSSL tool. Execute the command given below:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/VSFTPD.pem -out /etc/ssl/private/VSFTPD.pem
It will ask for some contact details. It is not necessary to fill in all the details. You can press Enter key for defaults.
Now that you have set the private key, there are few more changes that you need to perform in the configuration files.
Firstly, Open the config file in nano editor.
sudo nano /etc/VSFTPD.conf
Paste the following lines in the file beneath the existing text.
/etc/VSFTPD.conf ssl_enable=YES rsa_cert_file=/etc/ssl/private/VSFTPD.pem rsa_private_key_file=/etc/ssl/private/VSFTPD.pem allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH
Then, press Ctrl+X to save and exit.
Lastly, Restart VSFTPD.
sudo systemctl restart VSFTPD
8. Testing TLS with FileZilla
You can now test TLS with FileZilla.
Firstly, enter your server’s IP, your FTP username, and the password you created earlier, and click “Quickconnect”.
You will get an Unknown Certificate warning. Click Always trust this certificate in future sessions and click “OK”. The TLS will show a connection log when you connect with the server.
You are all done! By following this article, you have set up FTP Server, and it is running on Ubuntu.
In conclusion, this article discussed how to set up and install and configure VSFTPD. Moreover, it also explained how to configure firewalls, create an FTP user and access it with FileZilla.
If you liked this post, please share it with your friends. In case of any suggestions or queries, leave a comment below.
If this guide helped you, please share it.