How to Set up FTP Server with VSFTPD on Ubuntu 20.04

File Transfer Protocol, commonly known as FTP, is a communication network protocol that is used to transfer files on a remote network. FTP is not encrypted by default. You can set up and configure FTP Server on Ubuntu in minutes. 

The most widely used protocols are PureFTPd, ProFTPD, and VS. Although FTP is a very famous protocol, it is not encrypted by default. For more secure and faster data transfer, use SCP or SFTP.

This tutorial will cover how to set up FTP Server with VSFTPD on the Ubuntu system. It will also show you how to configure the FTP server to restrict users to their home directory. The steps have been numbered for your convenience. 

What You’ll Need

For this tutorial, you will need a Ubuntu system. Additionally, you must have an account with sudo access or a root account. To become a sudo user, you simply have to use the sudo keyword with all the commands that you execute. 

1. Updating Packages

The first step is to update the packages and install VSFTPD. You can execute both commands separated by &&. The first command will update the packages, latest version, and dependencies. 

The second command will download and install VSFTPD. It will execute only when the first command is executed successfully. 

sudo apt update && sudo apt install VSFTPD
set up ftp server

Press Y+Enter when asked to continue.

Secondly, check the status using this command.

sudo service VSFTPD status

It should show that the service is active and running. 

2. Configure Firewall

It is important to enable a ufu firewall on your system for FTP. You will also enable a couple of other ports. 

Firstly, make sure you add a rule for SSH (Port 22). Otherwise, you may get locked out of your server if you’re connected remotely.

Use the command given below to add a rule for SSH.

sudo ufw allow OpenSSH

After that, open ports 20 and 21 for FTP. In addition, enable ports 40000-50000 for passive FTP. At this stage, also open port 990 for TLS, which you will set up later.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 990/tcp

Now, enable the firewall if it isn’t already. But first, you will disable it and then enable it as shown below:

sudo ufw disable
sudo ufw enable

To check the status of the firewall, run the command given below:

sudo ufw status
enable firewall

If the firewall is running, you should see Status: active and the firewall rules we just added.

FTP server open ports

3. Create FTP User to Set up FTP Server on Ubuntu

Now that the FTP Server is set up, it is time to create a new user. Run the command given below to set up a new FTP Server:

sudo adduser ftpuser

Generate a strong password and do not share it with anyone.

add user for ftp server

Additionally, you should disable their SSH access if you only want ftpuser to log in via FTP. You can disable the access by blacklisting their username in the SSH config file.

Open the SSH config in nano as shown below:

sudo nano /etc/ssh/sshd_config

Next, add the following to the bottom of the file replacing ftpuser with the user you want to deny SSH and SFTP access. 

DenyUsers ftpuser

After that, save the file by hitting Ctrl+X.  It will ask you to save the file with the same name. Hit Y+Enter key to exit.

Lastly, restart the SSH service.

sudo service sshd restart

4. Give Permissions to the Directory

After you have added the user, you can now allow the user to view and upload files. At this stage, we are assuming that the FTP user already exists. So there is no need to create a new user. 

VSFTPD uses chroot jails so that users cannot access the home directory. It also ensures that the home directory is not writable. If you plan on using this FTP user account to upload files to a web server, continue to Step 4.1. If you want to upload to a home folder, skip to Step 4.2.

First, you will add the user to the list in the configuration file. Run the command given below:

echo "newftpuser" | sudo tee -a /etc/VSFTPD.user_list

Create the ftp directory tree and set the correct permissions :

sudo mkdir -p /home/newftpuser/ftp/upload
sudo chmod 550 /home/newftpuser/ftp
sudo chmod 750 /home/newftpuser/ftp/upload
sudo chown -R newftpuser: /home/newftpuser/ftp

At this point, your FTP server should be fully functional. Connecting to the server using any FTP client that can be configured to use TLS encryption such as FileZilla should be possible now.

Now you can configure the user to upload files to the directory. There are two ways in which FTP users can upload files: web server and home folder. Let’s look at each step in detail.

4.1 Upload Files on Web Server Using FTP Server

For this step, set the folder above the document root as the home directory. To set the folder for FTP users, run the command given below:

sudo usermod -d /var/www ftpuser

Next, set ownership of the root directory to ftpuser. This will allow our FTP user to write and alter files in the document root directory.

sudo chown ftpuser:ftpuser /var/www/html

Now, skip to Step 5 to configure VSFTPD.

4.2 Upload Files on Home Directory Using FTP Server

This will allow the user to upload files to the home directory. For this step, create a new directory called ftp in the user’s home directory. Additionally, you will create a directory within ftp directory called files. Run the command given below:

sudo mkdir /home/ftpuser/ftp

Instead of ftpuser, type your FTP user name. In this tutorial, we have named our user as ftpuser.

Set the ownership of the ftp directory to nobody:nogroup.

sudo chown nobody:nogroup /home/ftpuser/ftp

The next step is to set permissions for the ftp directory. For this step, you will use chmod command. Set it as “a-w“, so that it is not writable by anyone, otherwise, you cannot log in as VSFTPD will not allow it.  

sudo chmod a-w /home/ftpuser/ftp

Next, you will create a new directory. This directory will be created within ftp directory where the user can view and upload files.

sudo mkdir /home/ftpuser/ftp/files

Lastly, you will assign ownership of this directory to your new FTP user. 

sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files

5. VSFTPD Configuration

There are a few changes we have to make to the VSFTPD configuration file before you can start using FTP on Ubuntu 20.04/20.10.

Firstly, rename the config file.

sudo mv /etc/VSFTPD.conf /etc/VSFTPD.conf.bak

Secondly, create a new config file with nano editor.

sudo nano /etc/VSFTPD.conf

Paste in the following:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/VSFTPD/empty
pam_service_name=VSFTPD
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
ftp server config file setup

If you followed method 4.2 previously and only want this user to upload files to the home folder, you must tell VSFTPD that the local_root is the /ftp folder we created earlier. Don’t add these two lines if you want the user to upload to the web document root!.

etc/VSFTPD.conf
user_sub_token=$USER
local_root=/home/$USER/ftp

Finally, you are done with VSFTPD.conf

After that, save the file by pressing Ctrl+X. Hit the Y key to save the file with the same name, and press Enter to exit.

Lastly, restart VSFTPD.

sudo systemctl restart VSFTPD

6. Test FTP Server on Ubuntu

You can now test the server to see if it is functioning. For this, it is recommended to use FileZilla. It works on all major operating systems. You can download it from its website and install it.

After the installation, just run the software. 

Enter your server’s IP, your FTP username, and the password you created earlier, and click “Quickconnect”.

Set up FTP Server on Ubuntu 1

Above you can see we have connected successfully, and the webroot directory is displayed, though this may be different on your server.

Try uploading, creating, and editing folders and files within the webroot directory to ensure permissions are working correctly.

7. Secure FTP with TLS 

It is a recommended step! As we discussed above, FTP is not encrypted by default. It means that the files you transferred are vulnerable. To address it, you should connect to VSFTPD using FTPS (FTP over SSL/TLS).

For this step, we will first create a certificate with the OpenSSL tool. Execute the command given below:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/VSFTPD.pem -out /etc/ssl/private/VSFTPD.pem

It will ask for some contact details. It is not necessary to fill in all the details. You can press Enter key for defaults.

openssl configuration

Now that you have set the private key, there are few more changes that you need to perform in the configuration files. 

Firstly, Open the config file in nano editor.

sudo nano /etc/VSFTPD.conf

Paste the following lines in the file beneath the existing text.

/etc/VSFTPD.conf
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/VSFTPD.pem
rsa_private_key_file=/etc/ssl/private/VSFTPD.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
tls config

Then, press Ctrl+X to save and exit.

Lastly, Restart VSFTPD.

sudo systemctl restart VSFTPD

8. Testing TLS with FileZilla

You can now test TLS with FileZilla.

Firstly, enter your server’s IP, your FTP username, and the password you created earlier, and click “Quickconnect”.

You will get an Unknown Certificate warning. Click Always trust this certificate in future sessions and click “OK”. The TLS will show a connection log when you connect with the server. 

ftp server connection

You are all done! By following this article, you have set up FTP Server, and it is running on Ubuntu. 

In conclusion, this article discussed how to set up and install and configure VSFTPD. Moreover, it also explained how to configure firewalls, create an FTP user and access it with FileZilla. 

If you liked this post, please share it with your friends. In case of any suggestions or queries, leave a comment below.

If this guide helped you, please share it.

Related Posts