Here we will install and configure vsftpd (Very Secure File Transfer Protocol Daemon) on Ubuntu.
Install vsftpd
Update the package list and dependencies for vsftpd. Then second command download and Install vsftpd.
$ sudo apt update && sudo apt install vsftpd
Check the status of vsftpd
$ sudo service vsftpd status
● vsftpd.service – vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-04-27 19:35:30 IST; 13s ago
Main PID: 54532 (vsftpd)
Tasks: 1 (limit: 1137)
Memory: 652.0K
CGroup: /system.slice/vsftpd.service
└─54532 /usr/sbin/vsftpd /etc/vsftpd.conf
Apr 27 19:35:30 ubuntu systemd[1]: Starting vsftpd FTP server…
Apr 27 19:35:30 ubuntu systemd[1]: Started vsftpd FTP server.
Configure Firewall
$ sudo ufw allow OpenSSH
$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw enable
$ sudo ufw status
Status: active
To Action From
— —— —-
OpenSSH ALLOW Anywhere
Apache Full ALLOW Anywhere
3306 ALLOW Anywhere
20/tcp ALLOW Anywhere
21/tcp ALLOW Anywhere
40000:50000/tcp ALLOW Anywhere
990/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
3306 (v6) ALLOW Anywhere (v6)
20/tcp (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
40000:50000/tcp (v6) ALLOW Anywhere (v6)
990/tcp (v6) ALLOW Anywhere (v6)
Create FTP User
$ sudo adduser ftpuser
$ sudo nano /etc/ssh/sshd_config
DenyUsers ftpuser
$ sudo service sshd restart
Directory Permissions
Upload to a Web Server
$ sudo usermod -d /var/www ftpuser
$ sudo chown ftpuser:ftpuser /var/www/html
Upload to a Home Folder
$ sudo mkdir /home/ftpuser/ftp
$ sudo chown nobody:nogroup /home/ftpuser/ftp
$ sudo chmod a-w /home/ftpuser/ftp
$ sudo mkdir /home/ftpuser/ftp/files
$ sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files
Configure vsftpd
$ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
$ sudo nano /etc/vsftpd.conf
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
user_sub_token=$USER
local_root=/home/$USER/ftp
We are done with vsftpd.conf
$ sudo systemctl restart vsftpd
Secure FTP with TLS (Recommended)
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
$ sudo nano /etc/vsftpd.conf
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
$ sudo systemctl restart vsftpd