Ubuntu (12.04) FTP Server Configuration

Access to an FTP server can be managed in two ways:

Anonymous

Authenticated

vsftpd – FTP Server Installation

vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:

sudo apt-get install vsftpd

Anonymous FTP Configuration

By default vsftpd is configured to only allow anonymous download. During installation a ftp user is created with a home directory of /home/ftp. This is the default FTP directory.

If you wish to change this location, to /srv/ftp for example, simply create a directory in another location and change the ftpuser’s home directory:

sudo mkdir /srv/ftp

sudo usermod -d /srv/ftp ftp

After making the change restart vsftpd:

sudo /etc/init.d/vsftpd restart

Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/ftp.

User Authenticated FTP Configuration

To configure vsftpd to authenticate system users and allow them to upload files edit /etc/vsftpd.conf:

local_enable=YES
write_enable=YES

Now restart vsftpd:

sudo /etc/init.d/vsftpd restart

Now when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc.

Similarly, by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:

anon_upload_enable=YES
[Warning]
Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf for details of each parameter.

Securing FTP

There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example users can be limited to their home directories by uncommenting:

chroot_local_user=YES

You can also limit a specific list of users to just their home directories:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting the above options, create a /etc/vsftpd.chroot_list containing a list of users one per line. Then restartvsftpd:

sudo /etc/init.d/vsftpd restart

Also, the /etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list.

Testing the Status of VSFTPD

You can always test whether the VSFTPD process is running by using the netstat -a command which lists all the TCP and UDP ports on which the server is listening for traffic. This example shows the expected output.

[root@bigboy root]# netstat -a | grep ftp
tcp 0 0 *:ftp *:* LISTEN
[root@bigboy root]#

If VSFTPD wasn’t running, there would be no output at all.

The location of vsftpd: /sur/sbin/vsftpd, you can try to run it directly here by getting inside /sur/sbin,

root@ubuntu1:/sur/sbin# vsftpd

To check whether port 21 is open with

lsof -i tcp:21

Advertisements

About zephyr9000

Happy sailer
This entry was posted in Ubuntu Configuration. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s