FTP is unencrypted by default so using it on its own is not a good choice for secure data transmission. However, there is a new and improved version of FTP as vsftpd which is an excellent choice as a usage. It is optimized for performance, security and stability and is used by default in many Linux distributions.
In this guide, we will install and configure an FTP server with vsftpd on Ubuntu.
Prerequisites
Before we get started, we will need the following:
- An Ubuntu 18.04 server (or higher version)
- Access to a root user account or an account with sudo privileges.
- Basic understanding of Linux commands
Step 1: Install vsftpd server on Ubuntu
Start by updating your repository by entering the following code:
sudo apt update
Once the system is updated, we can go ahead and install vsftpd. This is a common open-source FTP utility that is used in Ubuntu.
sudo apt install vsftpd
When prompted to continue don’t forget to press y and Enter.
Once the vsftpd is installed and set up on your server, it will not start automatically. Enter the following commands to start the service and also for the service to start during boot-up of the server.
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
Step 2: Make a backup of the configuration files
Before we will go-ahead to change some configurations, it's best to take a backup of the default configuration files. To create a backup, enter the following:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default
Step 3: Create an FTP User
In order to use vsftpd, we will create a dedicated FTP user. A new user is created as a security measure and to limit the access to the server to all other users on the system. We will be creating a user named sushi (be sure to change the name of the user to something relevant for you):
sudo useradd -m sushi
sudo passwd sushi
When prompted to enter the password for the user account, enter the password and confirm it.
Step 4: Firewall Configurations
Ubuntu 18.04 comes with the UFW firewall and it is usually active by default. The firewall itself will block FTP traffic as a security measure but the FTP ports are needed for vsftpd to function properly. The FTP ports are port 20 and port 21 which can be opened by using the following command:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
Step 5: connecting to the FTP server
Now that everything is set in place, you can connect to the FTP server. Open a new terminal window and enter the following command:
sudo ftp 23.222.34.6
Be sure to change the IP address with your servers IP address. You can log in to the FTP server by using the user account you created earlier (step 3).
Additional Configurations
Authenticate FTP Users
If you would like to let the authenticated users upload files, you should make some changes in the vsftpd.conf file. To make the changes, open the configuration file using the nano command:
sudo nano /etc/vsftpd.conf
Scroll through the file and find the entry write_enable=NO and change the value to YES as shown in the picture below.
Save the file and exit the nano text editor. Now for the changes to come into effect, restart the FTP service:
sudo systemctl restart vsftpd.service
Now the users will be able to make changes through their home directory.
Change the default directory
By default, the FTP server uses the /srv/ftp directory as the default directory. You can change this by creating a new directory and changing the FTP user home directory. This is a security measure to keep the FTP files separate from the default location.
To change the FTP home directory, enter the following:
sudo mkdir /srv/ftp/new_location
sudo usermod -d /srv/ftp/new_ftp ftp
Restart the vsftpd service to apply the changes:
sudo systemctl restart vsftpd.service
Now, you can put any files you want to share via FTP into the /srv/ftp folder (if you left it as the default), or the /srv/ftp/new_ftp/ directory (if you changed it).
Limit User Access
There are many security threats that come across unsecured FTP servers. Therefore, limiting user access to the home directory is one of the key measures to take.
You can access the file by using the nano command:
sudo nano /etc/vsftpd.conf
Uncomment the following command in the vsftpd.conf file.
chroot_local_user=YES
Create a user list file
In order to create a user list who has access to the FTP server, you will need to make changes in the /etc/vsftpd.chroot_list file. Here you should add one user per line and the list will be made accordingly.
Once the changes are done, instruct your FTP server to limit this list of users to their own home directories by editing vsftpd.conf:
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
For the changes to come into effect, you should restart the vsftpd service:
sudo systemctl restart vsftpd.service
By default, the list of blocked users from FTP access is stored in /etc/ftpusers. In this file, you can edit the list of blocked users. Edit this file and add one user per line. Don’t forget to save your changes when exiting the file.
Conclusions
In this tutorial, we went through the steps on how to set up an FTP server in Ubuntu 18.04 by using vsftpd. We also covered some additional configuration changes to make the server more secure and avoid getting security breaches.
We hope that this article helped you setting the FTP server up, and if you have any feedback, let us know in the comments below.
Lewis
2020 Nov 08, 12:11:56
Hello there! Do you use Twitter? I'd like to follow you if that would be ok. I'm absolutely enjoying your blog and look forward to new updates.