How To Install VSFTPD on Ubuntu 18

FTP is unencrypted by default so using it on its own is not a good choice for secure data transmission. However, there is a new and improved version of FTP as vsftpd which is an excellent choice as a usage. It is optimized for performance, security and stability and is used by default in many Linux distributions.

In this guide, we will install and configure an FTP server with vsftpd on Ubuntu.

Prerequisites

Before we get started, we will need the following:

• An Ubuntu 18.04 server (or higher version)
• Access to a root user account or an account with sudo privileges.
• Basic understanding of Linux commands

Step 1: Install vsftpd server on Ubuntu

Start by updating your repository by entering the following code:

sudo apt update

Once the system is updated, we can go ahead and install vsftpd. This is a common open-source FTP utility that is used in Ubuntu.

sudo apt install vsftpd

When prompted to continue don’t forget to press y and Enter.

Once the vsftpd is installed and set up on your server, it will not start automatically. Enter the following commands to start the service and also for the service to start during boot-up of the server.

sudo systemctl start vsftpd

sudo systemctl enable vsftpd

Step 2: Make a backup of the configuration files

Before we will go-ahead to change some configurations, it's best to take a backup of the default configuration files. To create a backup, enter the following:

sudo cp /etc/vsftpd.conf  /etc/vsftpd.conf_default

Step 3: Create an FTP User

In order to use vsftpd, we will create a dedicated FTP user. A new user is created as a security measure and to limit the access to the server to all other users on the system. We will be creating a user named sushi (be sure to change the name of the user to something relevant for you):

sudo useradd -m sushi

sudo passwd sushi

When prompted to enter the password for the user account, enter the password and confirm it.

Step 4: Firewall Configurations

Ubuntu 18.04 comes with the UFW firewall and it is usually active by default. The firewall itself will block FTP traffic as a security measure but the FTP ports are needed for vsftpd to function properly. The FTP ports are port 20 and port 21 which can be opened by using the following command:

sudo ufw allow 20/tcp

sudo ufw allow 21/tcp

Step 5: connecting to the FTP server

Now that everything is set in place, you can connect to the FTP server. Open a new terminal window and enter the following command:

sudo ftp 23.222.34.6

Be sure to change the IP address with your servers IP address. You can log in to the FTP server by using the user account you created earlier (step 3).

Additional Configurations

Authenticate FTP Users

If you would like to let the authenticated users upload files, you should make some changes in the vsftpd.conf file. To make the changes, open the configuration file using the nano command:

sudo nano /etc/vsftpd.conf

Scroll through the file and find the entry write_enable=NO and change the value to YES as shown in the picture below.

Save the file and exit the nano text editor. Now for the changes to come into effect, restart the FTP service:

sudo systemctl restart vsftpd.service

Now the users will be able to make changes through their home directory.

Change the default directory

By default, the FTP server uses the /srv/ftp directory as the default directory. You can change this by creating a new directory and changing the FTP user home directory. This is a security measure to keep the FTP files separate from the default location.

To change the FTP home directory, enter the following:

sudo mkdir /srv/ftp/new_location

sudo usermod -d /srv/ftp/new_ftp ftp

Restart the vsftpd service to apply the changes:

sudo systemctl restart vsftpd.service

Now, you can put any files you want to share via FTP into the /srv/ftp folder (if you left it as the default), or the /srv/ftp/new_ftp/ directory (if you changed it).

Limit User Access

There are many security threats that come across unsecured FTP servers. Therefore, limiting user access to the home directory is one of the key measures to take.

You can access the file by using the nano command:

sudo nano /etc/vsftpd.conf

Uncomment the following command in the vsftpd.conf file.

chroot_local_user=YES

Create a user list file

In order to create a user list who has access to the FTP server, you will need to make changes in the /etc/vsftpd.chroot_list file. Here you should add one user per line and the list will be made accordingly.

Once the changes are done, instruct your FTP server to limit this list of users to their own home directories by editing vsftpd.conf:

chroot_local_user=YES

chroot_list_file=/etc/vsftpd.chroot_list

For the changes to come into effect, you should restart the vsftpd service:

sudo systemctl restart vsftpd.service

By default, the list of blocked users from FTP access is stored in /etc/ftpusers. In this file, you can edit the list of blocked users. Edit this file and add one user per line. Don’t forget to save your changes when exiting the file.

Conclusions

In this tutorial, we went through the steps on how to set up an FTP server in Ubuntu 18.04 by using vsftpd. We also covered some additional configuration changes to make the server more secure and avoid getting security breaches.

We hope that this article helped you setting the FTP server up, and if you have any feedback, let us know in the comments below.