TroubleChute Logo
DEBIAN LINUX

vsftpd Complete Install & Crash Course Guide


Published: Jan 14, 2024
Last Edit: Feb 24, 2024
Linux SSH
1,072 Words, 5 Minutes.

Watch the video:


Timestamps:
0:00 - Intro/Explanation
0:20 - Installing vsftpd
0:30 - Preparing vsftpd
1:20 - Create FTP user
2:59 - Creating a test file to verify access
3:18 - Configuring vsftpd
5:11 - Testing vsftpd server
5:40 - Enabling FTPS
7:50 - Securing FTP user

Introduction

Are you looking to set up an FTP server on your Ubuntu or Debian-based operating system? vsftpd is a reliable and secure solution that allows you to transfer files between your computer and a remote server.

In this comprehensive guide, I’ll walk you through the process of installing and using vsftpd step by step. Whether you’re a beginner or an experienced user, this guide has got you covered.

Installing vsftpd

The first step to getting started with vsftpd is to install it on your system. Open the terminal and run the following commands:

1
2
sudo apt update
sudo apt install vsftpd

These commands will update your system’s package list and install vsftpd on your machine. Once the installation is complete, you’re ready to move on to the configuration process.

Firewall

If you’re using something like UF, you’ll need to allow VSFD through the firewall. You can do so with the following commands.

1
2
3
4
5
6
sudo ufw status
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status

Configuring vsftpd

Before you can start using vsftpd, you need to configure it to suit your needs. To do this, we’ll need to make a few changes to the vsftpd configuration file. Open the file using the following command:

1
2
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
sudo nano /etc/vsftpd.conf

Inside the configuration file, you’ll find various settings that you can customize. For example, you can enable or disable anonymous login, set up local user accounts, and define the directories accessible to each user.

Once you’ve made the necessary changes, save the file and exit the editor. To apply the new configuration, restart the vsftpd service by running the following command:

1
sudo systemctl restart vsftpd

Creating User Accounts

To make use of vsftpd, you’ll need to create user accounts that can access the FTP server. This allows you to control who can upload and download files. To create a new user account, use the adduser command followed by the desired username. For example:

1
sudo adduser tcnoftp

You will be prompted to set a password for the new user account. Once the account is created, you can proceed to create a directory for the user to store their files. Use the mkdir command to create the directory:

1
sudo mkdir /home/tcnoftp/ftp

Next, we need to set the ownership and permissions for the directory. Run the following commands:

1
2
3
4
5
6
sudo chown nobody:nogroup /home/tcnoftp/ftp
sudo chmod a-w /home/tcnoftp/ftp
sudo ls -la /home/tcnoftp/ftp
sudo mkdir /home/tcnoftp/ftp/files
sudo chown tcnoftp:tcnoftp /home/tcnoftp/ftp/files
sudo ls -la /home/tcnoftp/ftp

These commands ensure that the user has full ownership and restricted access to their directory.

Testing the FTP Server

Now that you have set up vsftpd and created a user account, it’s time to test the FTP server. One way to do this is by using a popular FTP client like FileZilla. Open FileZilla and enter the host, username, and password for your FTP server. Connect to the server, and if everything is set up correctly, you should be able to see and access the files in the user’s directory.

If you want, you can create a test file:

1
echo "This is a test file" | sudo tee /home/tcnoftp/ftp/files/test.txt

Further securing FTP

A good idea is to tell learning that a certain user account is only an ftp user disallowing them access to anything else other than transferring files around, etc. It’s a good idea to run the following commands.

1
2
3
4
sudo nano /etc/vsvftpd.conf
echo "tcnoftp" | sudo tee -a /etc/vsftpd.userlist
cat /etc/vsftpd.userlist
sudo systemctl restart vsftpd

Enabling FTPS (FTP over SSL)

To add an extra layer of security to your FTP server, you can enable FTPS, which is FTP over SSL. This encrypts the data transferred between the client and the server, ensuring that it cannot be intercepted by unauthorized users.

To enable FTPS, we need to create an SSL certificate. Run the following command to generate the certificate:

1
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

During the certificate generation process, you will be prompted to provide information such as the country code, state, and organization name. Once the certificate is generated, we can proceed with the configuration.

Open the vsftpd configuration file again:

1
sudo nano /etc/vsftpd.conf

Scroll down to the bottom of the file and locate the RSA certificate settings. Replace the paths with the following:

1
2
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Save the file and exit the editor. Restart the vsftpd service to apply the changes:

1
sudo systemctl restart vsftpd

Your FTP server is now configured to accept FTPS connections. You can test this by connecting to the server using an FTP client that supports FTPS.

Securing FTP User Access

To further enhance security, you can limit FTP users to only FTP access and disable shell access. This prevents users from accessing the command line interface on your server.

To restrict FTP user access, we need to create a limited shell. Run the following command to create the shell script:

1
sudo nano /bin/ftponly

Inside the editor, add the following line:

1
2
#!/bin/sh
echo "Limited to FTP access only"

Save the file and exit the editor. Next, make the shell script executable:

1
sudo chmod a+x /bin/ftponly

To enforce the limited shell, open the /etc/shells file:

1
sudo nano /etc/shells

Scroll to the bottom of the file and add the following line:

1
/bin/ftponly

Save the file and exit the editor. Finally, modify the user’s account to use the limited shell:

1
sudo usermod -s /bin/ftponly ftpuser

Now, if the user tries to access the server via SSH, they will be denied access. However, they can still connect to the FTP server using their FTP client.

Congratulations! You have successfully installed and configured vsftpd on your Ubuntu or Debian-based operating system. You can now securely transfer files between your computer and the FTP server using FTP or FTPS. Remember to regularly update your system and monitor the FTP server for any suspicious activities. Enjoy the convenience and security of vsftpd for all your file transfer needs.

TroubleChute © Wesley Pyburn (TroubleChute)
Support Me Privacy Policy Cookies Policy Terms of Service Change privacy settings Contact