Install and configure vsftpd

What is FTP?

FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files.

Here is a list of some well-known FTP servers.

  • FTPD
  • VSFTPD
  • PROFTPD
  • PUREFTPD

Introduction to vsftpd

VSFTPD stands for Very Secure File Transfer Protocol Daemon. It is a GPL-licensed FTP server for UNIX systems, including Linux. It is secure, extremely fast, and stable.

Features:

  • Virtual IP configurations
  • Virtual users
  • Standalone or inetd operation
  • Powerful per-user configurability
  • Bandwidth throttling
  • Per-source-IP configurability
  • Per-source-IP limits
  • IPv6
  • Encryption support through SSL integration
  • Etc…

Installation and Configuration of vsftpd with new FTP user.

Prerequisites: Ubuntu server with sudo access.

Step 1 — Installing vsftpd

$ sudo apt-get update

$ sudo apt-get install vsftpd

After the installation completes, it's good to keep a copy of the original configuration file as a backup.

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Step 2 — Create User Directory and Set Ownership

Create the FTP folder, add a user, and assign the directory to that user.

$ sudo mkdir /home/emipro/FTP

$ sudo adduser --home=/home/emipro/FTP test_user

Create a new directory under the FTP directory and set its permissions to 777.

$ sudo mkdir /home/emipro/FTP/Test

$ sudo chmod 777 /home/emipro/FTP/Test

Set the ownership, and make sure to remove write permissions with the following commands:

$ sudo chown nobody:nogroup /home/emipro/FTP

$ sudo chmod a-w /home/emipro/FTP

Once the FTP directory has been created, we can add subdirectories with full access permissions.

Step 3 — Configuring FTP access by making the following changes in the vsftpd.conf file

Open the configuration file.

$ sudo nano /etc/vsftpd.conf

To allow the user to upload files, uncomment the write_enable setting.

write_enable=YES

Uncomment chroot_local_user to restrict the FTP user to the directory assigned to him/her.

chroot_local_user=YES

chroot_list_enable=NO

Uncomment chroot_list_file and provide the path to the user list.

chroot_list_file=/etc/vsftpd.chroot_list

Add the user to vsftpd.userlist to grant login access and access to the FTP directory.

$ sudo vi /etc/vsftpd.userlist

Add test_user to the file (caution: one username per line).

Add the option below to allow the local user to log in via FTP.

allow_writeable_chroot=YES

Restart the vsftpd service.

$ sudo systemctl restart vsftpd

Now we can access our FTP server with any FTP client application, such as FileZilla.

Here are a few common issues you may face:

Issue-1: 550 Create directory operation failed.

Reason: This error occurs when a subdirectory in the FTP root directory does not have full access permission, i.e. 777.

Solution:

$ sudo chmod 777 <FTP sub dir path>

Issue-2: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

Reason: This error comes up when the FTP root directory either has full access permission or does not have the required permissions. The home directory must not be writable by the user.

Solution:

$ sudo chmod 555 <FTP root dir path>

Note: vsftpd only works with FTP and provides security for FTP.

With vsftpd we can restrict a user to his/her home directory using chroot when the user connects over FTP (port 21). But if the user is also allowed to connect over SFTP (port 22), this chroot jail will not work.

To configure chroot security for SFTP:

1. Edit the file /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

2. Paste the code below at the end of the file

Subsystem sftp internal-sftp
Match USER <user_name>
ChrootDirectory <user’s home directory>
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

Change the username and its directory in the above lines. Uncomment “Subsystem” if it is there in the above lines of the config file.

Note: the user’s home directory must be owned by root with 755 permission.

3. Restart the ssh service

/etc/init.d/ssh restart
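
The two permission rules above (Issue-2 for vsftpd, and the root-owned 755 requirement for the SFTP ChrootDirectory) can be checked before restarting either service. The following is an added example, not part of the original article: the function names are hypothetical, the vsftpd check is simplified to "no write bit on the chroot root" as in the chmod a-w step, and the sshd check walks every path component because sshd requires all of them to be root-owned and not group/other writable. The demo builds a constructed tree in a temp directory, with the current uid standing in for root.

```python
import os
import stat
import tempfile


def vsftpd_root_problems(root):
    """vsftpd side (simplified): the chroot root must carry no write bit."""
    mode = stat.S_IMODE(os.stat(root).st_mode)
    if mode & 0o222:
        return [f"{root}: mode {mode:o} is writable (500 OOPS: writable root)"]
    return []


def sftp_chroot_problems(path, owner_uid=0, stop_at="/"):
    """sshd side: every component from path up to stop_at must be owned by
    owner_uid (root in production) and not writable by group or others."""
    problems = []
    current, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            problems.append(f"{current}: owner uid {st.st_uid}, want {owner_uid}")
        if mode & 0o022:
            problems.append(f"{current}: mode {mode:o} is group/other writable")
        if current in (stop_at, "/"):
            return problems
        current = os.path.dirname(current)


def demo():
    """Build a constructed tree in a temp dir and audit it before/after."""
    base = tempfile.mkdtemp()          # stands in for "/" so no root is needed
    jail = os.path.join(base, "home", "FTP")
    os.makedirs(os.path.join(jail, "Test"))
    me = os.getuid()                   # stands in for root (uid 0)
    os.chmod(os.path.join(base, "home"), 0o755)
    os.chmod(jail, 0o777)              # misconfigured chroot root
    before = (vsftpd_root_problems(jail), sftp_chroot_problems(jail, me, base))
    os.chmod(jail, 0o555)              # the fix from Issue-2: chmod 555
    after = (vsftpd_root_problems(jail), sftp_chroot_problems(jail, me, base))
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a real server, call sftp_chroot_problems("<user's home directory>") with the defaults so the walk runs up to / and expects uid 0.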