+4 votes
254 views
How to install vsftpd on Linux Ubuntu and configure it correctly

in Guides by (552k points)
reopened | 254 views

1 Answer

+5 votes
Best answer

How to install vsftpd on Linux Ubuntu and configure it step by step.
Install vsftpd in Ubuntu.
Configure vsftpd in Ubuntu.

All the tutorials I have read so far on how to install vsftpd start the same way, warning that the FTP protocol is insecure because it is not encrypted . This is true, but it is also true that if we want to set up a local FTP server for our own use, using vsftpd is the fastest and easiest solution. For this reason I decided to write this tutorial on how to install vsftpd on Linux Ubuntu and configure it correctly step by step .

image

It is also necessary that you know the alternatives to FTP considered as secure, where we find the sFTP and SCP protocols as the most used. We can also configure vsftpd to use a secure connection under SSL / TLS.

Although it is relatively simple to configure vsftp with SSL / TLS, I will not include it in this tutorial, since the objective is to make a quick and simple explanation. I may dedicate a tutorial to that aspect later.

How to install vsftpd on Linux Ubuntu and configure it step by step.

I will try to make this tutorial valid for both recent versions of Ubuntu and older versions. At the time of writing this article I am working with Ubuntu 16.04 , but the tutorial will also be compatible with Ubuntu 14.04 and it will probably also work for previous versions.

Before entering fully into the configuration of vsftpd , remember that in this tutorial I will not include the configuration of the firewall , since each user will have the one they like installed. With this I want to remind you to manage the firewall rules to allow connections to the FTP server, which usually use ports 20 and 21 unless we configure it otherwise. If you don't use any firewall, you won't need to do any of this.

I have chosen vsftpd as an FTP server because it is very easy to install and use. We also find it in the official Ubuntu repositories, which simplifies the task much more.

Install vsftpd in Ubuntu.

To install vsftpd in Ubuntu 16.04 we can use the command:
sudo apt install vsftpd

If we use the Ubuntu version 14.04 , the command we will use is:
sudo apt-get install vsftpd

Before moving forward, we must know the commands to start, stop and restart the vsftpd daemon. In Ubuntu 16.04 the commands to start, stop and restart vsftpd are:
sudo systemctl restart vsftpd
sudo systemctl start vsftpd
sudo systemctl stop vsftpd

In Ubuntu 10.04 the commands to start, stop and restart vsftpd are:
sudo service vsftpd restart
sudo service vsftpd start
sudo service vsftpd stop

Configure vsftpd in Ubuntu.

To configure vsftpd I will start from scratch, adding a new user to which to give the appropriate permissions so that I can upload and download files to a specific folder. This user will be locked in your home folder, so you will not be able to access any other part of the operating system. In this way, we get a more secure configuration.

To add the user we execute the command:
sudo adduser TechnoWikis

After executing this command you will ask us to enter a password.

I make a small paragraph to remember the tutorial on how to add and remove users on Linux that we wrote some time ago.

We will use this TechnoWikis user to access the FTP server. We should know that the vsftp chroot cage security system encloses the user in his home folder, so in our case the chroot would be /home/TechnoWikis . In addition, vsftp handles chroot cages so that two conditions must be met:

  • The owner of the chroot folder and the user who connects via FTP cannot be the same.
  • The chroot folder cannot have write permissions.

So we must change the owner of this folder with the following command:
sudo chown root:root /home/TechnoWikis

If we want the user to upload files to the FTP server, we will need to create a folder:
sudo mkdir /home/TechnoWikis/ftp_subidas
sudo chown TechnoWikis:TechnoWikis /home/TechnoWikis/ftp_subidas

Something very important is to remove access to the shell of the TechnoWikis user we add. I insist that it is very important because it can pose a serious security risk. The problem is that when removing access to the shell, vsftpd does not allow us to access the FTP server because the user does not have a valid shell assigned. To solve this we will create a custom shell, which we will add to the list of valid shells and finally assign this shell to our user .

We start by executing the following command:
sudo nano /bin/ftponly

We add the following lines and save the file:

#!/bin/sh
echo "Esta cuenta solo dispone de acceso por FTP."

We give execution permissions to the ftponly shell with the command:
sudo chmod a+x /bin/ftponly

Edit the list of valid shells with the command:
sudo nano /etc/shells

We add /bin/ftponly to the end of the list:

# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/bin/ftponly

We ftponly the shell ftponly to our user:
sudo usermod TechnoWikis -s /bin/ftponly

Important note: in some tutorials that I have been able to read do not create this ftponly custom shell, but instead use the system shell /usr/sbin/nologin or /sbin/nologin . As there are several system services that use this nologin shell, we should not use it or we will be creating a serious security problem .

At this point, we have our user ready. Now we proceed to edit the vsftpd configuration file with the command:
sudo nano /etc/vsftpd.conf

The file must be modified by deleting the # character in the corresponding parts and making the modifications as shown below:

...

# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#

...

# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
...

We only have to restart vsftpd with the command that we show you at the beginning of this tutorial and we start to prove that everything works correctly. It's that simple to install vsftpd on Linux Ubuntu.

image

To test the FTP server you can try to connect using an FTP client such as FileZilla or you can go through the tutorial we wrote recently about how to send a file via FTP from the console in Linux .


by (3.5m points)

Related questions

+4 votes
1 answer
+5 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (552k points) | 935 views
+4 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (552k points) | 249 views
+4 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (552k points) | 203 views
+3 votes
1 answer
asked Aug 9, 2019 in Guides by backtothefuture (552k points) | 1k views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users