Install and Configure VSFTPD on Ubuntu 20.04 | 18.04

This brief tutorial shows students and new users how to install a FTP server using VSFTPD on Ubuntu 20.04 | 18.04.

FTP protocol is one of the easiest ways to transfer files between a server and client computers however, it’s inherently insecure in its standard form.

There many open source FTP server available on Linux systems, including Ubuntu. There’s ProFTPd, PureFTPD, VSFTPD, etc.

This post shows you how to setup FTP with VSFTPD (Very Secure Ftp Daemon).

Although this post is tested on Ubuntu 20.04, it should also apply to other versions of Ubuntu and most Linux systems.

To get started with installing and configuring VSFTPD, follow the steps below:

Step 1: Install VSFTPD

To install VSFTPD on Ubuntu, run the commands below.

sudo apt update 
sudo apt-get install vsftpd

After installing VSFTPD, the commands below can be used to stop, start and enable the server service to always start up when the server boots…

sudo systemctl stop vsftpd.service
sudo systemctl start vsftpd.service
sudo systemctl enable vsftpd.service

After installing, you can check VSFTPD status by running the commands below:

sudo systemctl status vsftpd

That should display similar lines as shown below:

vsftpd.service - vsftpd FTP server
     Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2020-05-17 17:57:40 CDT; 17s ago
   Main PID: 2916 (vsftpd)
      Tasks: 1 (limit: 4657)
     Memory: 584.0K
     CGroup: /system.slice/vsftpd.service
             └─2916 /usr/sbin/vsftpd /etc/vsftpd.conf

May 17 17:57:40 ubuntu2004 systemd[1]: Starting vsftpd FTP server...
May 17 17:57:40 ubuntu2004 systemd[1]: Started vsftpd FTP server.

Step 2: Configuring VSFTPD

After installing the server, you’ll find its main configuration file at /etc/vsftpd.conf. Many of the settings you’ll configured are well documented in there.

Run the commands below to open its main configuration file.

sudo nano /etc/vsftpd.conf

Than, begin enabling settings that suit your environment.

1. FTP access

By default, FTP access is granted to anonymous user only. To grant access to local users only, change the line in the file to match the settings below:

anonymous_enable=NO
local_enable=YES

To allow local users to upload to the FTP server, and only give them access to upload to their home folders, edit the lines below:

write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES

Continue below for more configurations.

2. Users restrictions

If you don’t want all local users with account on the system to upload file, then you can limit access to only users that are on the allowed list.

This option only allow users who are explicitly specified in the file.

userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO

Continue below for more configurations

3. Secure with SSL certificates

If you want to provide encrypted FTP file transmission, you’ll need to include SSL certificates with your setup.

You can use existing certificates or create self-signed.

For self-signed certificates, run the commands below:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

The commands will generate self-signed certificate files you can use in your configuration.

Open VSFTPD default configuration file again and add the lines below referencing the certificates files above.

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES

That should encrypt file transmission to the server.

At this point, your configuration file should look similar to the one below:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO

Save your changes and restart the server.

sudo systemctl restart vsftpd

Continue configuring.

4. Setup FTP homes

When adding new FTP users, simply create their FTP folders and add them to the file to allow access to the server.

udo mkdir -p /home/username/ftp/upload
sudo chmod 550 /home/username/ftp
sudo chmod 750 /home/username/ftp/upload
sudo chown -R username: /home/username/ftp

Replace username with the actual user account name.

Then add the users to the allowed list.

echo "username" | sudo tee -a /etc/vsftpd.user_list

Step 3: Access VSFTPD FTP Server

Now grab your favorite FTP client (FileZilla) and setup a new site in your site manage and use FTP protocol with encryption with explicit FTP over TLS… Type your username and password and connect.

You should be prompted with a certificate… accept the certificate and continue. You may check the box at the bottom of the page to trusted the certificate so you don’t get prompted in the future…

You should now be transferring files securely via SSL/TLS.

That’s it!

Conclusion:

This post showed you how to install and configure VSFTPD FTP server on Ubuntu 20.04 | 18.04. If you find any error above, please use the comment form below to report.

Thanks,

You may also like the post below:

How to Create Self-Signed SSL Certificates on Ubuntu 20.04 | 18.04