Scribd
Upload
90 views

FTP server the easy way with vsftpd — Code Done Right!

Uploaded by

Mc Q Soft
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
90 views

FTP server the easy way with vsftpd — Code Done Right!

Uploaded by

Mc Q Soft
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

Home Raspberry Pi server Server features Linux VBA About Contact

FTP server

FTP server is a service that allows exchange of files in a very simple form. It enables you to drop massive
amount of files fairly quickly. You set up a server that can serve and accept files. We are setting up an FTP
server so that YOU can upload and download files, but only on the local network.

Why local network only? Mainly because FTP is insecure. It sends the password in the clear. Like 100% clear.
Any data spoofing software can just yank your password and your server is now completely vulnerable. Worst
case scenario would be that all your data is now compromised. If you do not have any spyware on your PC then
you can utilize FTP on local network without any worry. Keep your antivirus on that Windows machine up to
date!

If you want to share files with others it is best to put them on your website directly, which is simpler and users
have access only to the files you have shared on the website. Seriously Later I will show you how to just drop
files in a public folder so anyone can access them if that is what you need. Do not use FTP to share files. We
are not in the ’90 anymore. You can set up a server open to everybody, but again – why bother with a dedicated
service if we can utilize HTTP protocol?

Setting up an FTP server


Setting up a basic FTP server if a fairly simple task via a package called vsftpd (or Very Secure FTP Daemon). I
will show you how to set up the service so that your administrative account will be able to rummage around the
server.

Required
For LAN access – nothing

https://codedoneright.eu/?page_id=302 1/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

For internet access (not recommenced) – enable port forwarding for FTP access
If you followed basic security tutorial – add rules in UFW to allow FTP access

Creating an FTP folder


Even if you are the sole user of your FTP it is still a good idea to have one specific folder where you can dump
your files, but not required. If on the other hand you are planning on making your files public (do not do that via
FTP, see above why), then you just have to have a specific folder for them.

Run the following code to create a directory for your files

sudo mkdir /var/ftp

As with custom logs from previous tutorial about security, you can specify a folder wherever you want it to be –
/var/ is a good choice.

By default the owner of the folder will be root. As we do not use root account, files would have to be copied to
the folder using sudo command, let us claim the folder for the administrative user account we created previously
(if you have followed previous tutorials you are using it now) by running the chown command

sudo chown -R $USER:$USER /var/ftp/

Just remember to substitute $USER with your username.

We should also adjust permissions so that we can read and write with this user while allowing other users to
only download files. That is Linux administration 101 – look, but do not touch. Run the following

sudo chmod -R 755 /var/ftp/

This way the administrative user will have full control over the folder, but if we decide to make an account for
another user, said user will only be able to download files from this folder. Execute rights are in place so that the
directory can be listed.

Installing vsftpd
Installation is simple, run the following command

https://codedoneright.eu/?page_id=302 2/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

sudo apt install vsftpd

Daemon will be configured using the default configuration file located here

/etc/vsftpd.conf

and, by default, vsftpd will be started immediately and every time your server boots up the FTP service will start
on its own as well.

It is a good idea to make a backup of the config file so that purging and reinstalling will not be necessary in case
we screw up the config too much. Run the following command

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_OLD

If you want to remove the modified config and restore the original run the following two commands

sudo rm /etc/vsftpd.conf
sudo cp /etc/vsftpd.conf_OLD /etc/vsftpd.conf

Backup of our config will remain as _OLD in case you screw up again.

vsftpd con guration


Everything is done via the configuration file mentioned above. If you want a more in-depth explanation of
expressions used in the configuration file, follow this link. For now we will just configure the server so that you
can download and upload files, while being able to navigate the whole filesystem.

CAUTION default values of the vsftpd.conf change between version, default config is pretty strict though

CAUTION some of the lines I am instructing you to put in the file are already there. Make sure the lines you are
adding are not already present in the file. If they are, you can modify them directly or comment them out by
putting # sign at the beginning of the line and adding all your custom lines in one place

Open the configuration file by running

sudo nano /etc/vsftpd.conf

First, we want to tell vsftpd to open connections on ports specified by us in the security part of the tutorial, add
the following to the config

https://codedoneright.eu/?page_id=302 3/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

pasv_min_port=$PASSIVE_MIN
pasv_max_port=$PASSIVE_MAX

If you do not remember which range you have opened run the following

sudo ufw status numbered

Or go here for a refresher about UFW

Next, we want to make sure that anonymous users cannot log in, but local users can, local meaning users with
accounts on your server. We also want to be able to upload files as well. Add the following three lines to the
config

anonymous_enable=NO
local_enable=YES
write_enable=YES

You can specify the folder we created previously to be opened upon logging in by adding

local_root=/var/ftp/

Now let up reload the config file by running the following command

sudo service vsftpd reload

That is basically it, you should be able to connect to your server now.

Connecting to your FTP server


With browser
You can test the FTP with your browser. Type the local IP address of your server in the address bar, in the
following manner

ftp://your.local.ip.address

put your credentials (user and password), and it should display the contents of the /var/ftp/ folder

You will not be able to upload files with your browser.

https://codedoneright.eu/?page_id=302 4/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

With FileZilla
FileZilla is a great and free FTP client which will help us to upload and download from our server. Grab it from
here.

Once you open the FileZilla client, take a look at the top of your screen. You should be able to find the following

FileZilla connection panel

In the Host field put your server IP, fill out the username and password fields as well and click Quickconnect

FileZilla should take you to your /var/ftp/ folder. You can download and upload files as you wish. If you cannot
upload files check if vsftpd.conf file has write_enabled=YES directive and that the user you are logged in as has
permission to write to that folder (see chmod command to rectify that).

Securing your FTP server connection with a certi cate


Once you have a certificate, you can use it with FTP as well. In order to enable the certificate, go back to
vsftpd.conf file and change the following three lines

#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

To those

/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem
ssl_enable=YES

Substitute example.com with the FQDN of your website. Certbot will tell you where exactly is your certificate,
you can copy file paths to a local file for ease of use. Jut keep them private, even the links. This information
certifies that your website is actually what it seems to be.

After enabling the certificate you have lost the ability to connect to your FTP server with a browser, as they are
unable to provide a SSL connection over FTP. It is just the way it is.

FileZilla on the other hand, upon your first connection, will display a window informing you about the certificate of
your server. It will look something like this

https://codedoneright.eu/?page_id=302 5/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

Image credit digicert.com

For convenience you can tick the box at the bottom and FileZilla will remember your certificate upon future
secure connections.

Since it is only you who will use the FTP server, you can skip certificate part entirely. Seriously, do not connect
via FTP to your server from outside your local network.

Enabling and disabling FTP server


If you are not actively using FTP you might as well disable the service. Why constantly run something that is not
in use? Enable it only when you need to upload something, and then disable it again.

To disable the service run the following command

sudo service vsftpd stop

If you want to enable the service run the following

sudo service vsftpd start

https://codedoneright.eu/?page_id=302 6/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

Any FTP connection will be impossible with vsftpd service stopped, that should be obvious. Remember that
when you are scratching your head and trying to figure out why you cannot connect to upload your photos any
more.

To check if FTP is running type the following

sudo service vsftpd status

If you want to start, stop or check other services just substitute vsftpd with the service name.

Conclusion
FTP is not the best way of serving files to users, but it is an invaluable tool for us to upload to our server. If you
want to upload dozens of pictures for your WordPress site you can do it in a jiffy rather than use the WordPress
Media tab and upload one by one.

Just make sure that you do not open the server to everybody in the whole world.

Leave a Reply
Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Website

https://codedoneright.eu/?page_id=302 7/8
12/12/2020 FTP server the easy way with vsftpd — Code Done Right!

Save my name, email, and website in this browser for the next time I comment.

post comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright © 2020 Code Done Right!. Theme by Colorlib Powered by WordPress Privacy policy

https://codedoneright.eu/?page_id=302 8/8

You might also like