FTP (File Transfer Protocol) is a protocol used to transfer files from server to server. vsftpd (very secure file transfer protocol daemon) is not a separate protocol but an FTP server daemon, known for its performance, security, and stability. vsftpd is the default FTP server for many Linux distributions, and it offers stronger security than other FTP servers.
To follow this tutorial you need an Ubuntu 16.04 server and a new user with sudo privileges (it should not be the root user). Once you have both, you can proceed with the installation below.
Installing vsftpd
sudo apt-get update
sudo apt-get install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status
sudo adduser zehncloud
sudo mkdir /home/zehncloud/ftp
sudo chown nobody:nogroup /home/zehncloud/ftp
sudo chmod a-w /home/zehncloud/ftp
sudo ls -la /home/zehncloud/ftp
total 8
dr-xr-xr-x 2 nobody nogroup 4096 Sep 16 05:29 .
drwxr-xr-x 3 zehncloud zehncloud 4096 Sep 16 05:29 ..
Output
sudo mkdir /home/zehncloud/ftp/zt-data
sudo chown zehncloud:zehncloud /home/zehncloud/ftp/zt-data
sudo ls -la /home/zehncloud/ftp
total 12
dr-xr-xr-x 3 nobody nogroup 4096 Sep 16 05:35 .
drwxr-xr-x 4 zehncloud zehncloud 4096 Sep 16 05:35 ..
drwxr-xr-x 2 zehncloud zehncloud 4096 Sep 16 05:35 zt-data
Output
Allowing FTP Access to the User
Open the vsftpd configuration file and make sure that every setting matches those below.
sudo nano /etc/vsftpd.conf
. . .
# Allow anonymous FTP?
anonymous_enable=NO
#
# Uncomment below line to allow local users to log in.
local_enable=YES
#
#Allow write access to ftp users.
write_enable=YES
#
#Uncomment the chroot to prevent the FTP user from accessing any files outside the directory tree.
chroot_local_user=YES
#
#Add a user_sub_token option to insert the username into the local_root directory path,
#so that our configuration will work for this user and all FTP users in future.
user_sub_token=$USER
local_root=/home/$USER/ftp
#
#Limit the range of ports that can be used for passive-mode connections.
pasv_min_port=40000
pasv_max_port=50000
#
#The access is given to a user only when they are explicitly added into a list
#rather than by default:
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
#Note: comment out the “userlist_enable” and “userlist_deny” lines above if the FTP service is not running.
. . .
/etc/vsftpd.conf
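An added example, not part of the original tutorial: a shell function that audits a vsftpd.conf against the values listed above, so that a misspelled option name or a spaced assignment shows up as a deviation. The function names and the constructed sample file are ours, as is the assumption that the last assignment of a key takes effect; the no-whitespace rule comes from vsftpd.conf(5).

```bash
# Added example (not the tutorial author's code): audit a vsftpd.conf against
# the values listed above. Assumption: the last assignment of a key wins.

# Print the value of the last uncommented "KEY=value" line in FILE.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print one line per deviation; the return status is the number of deviations.
audit_vsftpd_conf() {
    local file="$1" fails=0 pair key want got
    for pair in anonymous_enable=NO local_enable=YES write_enable=YES \
        chroot_local_user=YES 'user_sub_token=$USER' 'local_root=/home/$USER/ftp' \
        pasv_min_port=40000 pasv_max_port=50000 userlist_enable=YES \
        userlist_file=/etc/vsftpd.userlist userlist_deny=NO; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_get "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected '$want', found '${got:-<unset>}'"
            fails=$((fails + 1))
        fi
    done
    # vsftpd.conf(5): no space is allowed between option, '=' and value.
    if grep -En '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$file"; then
        echo "FAIL whitespace around '=' on the line(s) above"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: one misspelled option name and one spaced assignment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
annonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user = YES
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
EOF
audit_vsftpd_conf "$sample" || echo "$? deviation(s) found"
rm -f "$sample"
```

Run it against the live file with `audit_vsftpd_conf /etc/vsftpd.conf` after editing and before testing logins.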
Create the user list file and add our user to it.
echo "zehncloud" | sudo tee -a /etc/vsftpd.userlist
Check if the user has been added in the user list or not:
cat /etc/vsftpd.userlist
zehncloud
Output
Testing FTP Access
As per the configuration, only the “zehncloud” user should be allowed to connect via FTP, and anonymous users should not be allowed to connect.
ftp -p 192.168.0.136
Connected to 192.168.0.136.
220 (vsftpd 3.0.3)
Name (192.168.0.136:default): test_user
530 Permission denied.
ftp: Login failed.
ftp>
Output
Close the connection
ftp -p 192.168.0.136
Connected to 192.168.0.136.
220 (vsFTPd 3.0.3)
Name (192.168.0.136:default): sudo_user
530 Permission denied.
ftp: Login failed.
ftp>
Output
Close the connection:
ftp -p 192.168.0.136
Connected to 192.168.0.136.
220 (vsFTPd 3.0.3)
Name (192.168.0.136:default): zehncloud
331 Please specify the password.
Password: your_user’s_password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Output
cd files
get test.txt
227 Entering Passive Mode (192,168,0,136,169,12).
150 Opening BINARY mode data connection for test.txt (16 bytes).
226 Transfer complete.
16 bytes received in 0.0101 seconds (1588 bytes/s)
ftp>
Output
put test.txt upload.txt
227 Entering Passive Mode (192,168,0,136,164,71).
150 Ok to send data.
226 Transfer complete.
16 bytes sent in 0.000894 seconds (17897 bytes/s)
Output
Close the connection:
bye
The above test confirms that our configuration is working fine.
In this tutorial, we installed an FTP server and created an FTP user. We then configured the user's home directory and gave the user ownership of it. After that, we allowed FTP access to listed users and denied access to anonymous users. Finally, we checked the FTP access for those users.