User Tools

Site Tools


ftp-install

How to install an FTP Server

  • Install vsftpd
sudo apt update && sudo apt install vsftpd
  • Once installed check status
vsftpd.service - vsftpd FTP server
     Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-04-27 19:35:30 IST; 13s ago
   Main PID: 54532 (vsftpd)
      Tasks: 1 (limit: 1137)
     Memory: 652.0K
     CGroup: /system.slice/vsftpd.service
             └─54532 /usr/sbin/vsftpd /etc/vsftpd.conf
 
Apr 27 19:35:30 ubuntu systemd[1]: Starting vsftpd FTP server...
Apr 27 19:35:30 ubuntu systemd[1]: Started vsftpd FTP server.'
  • Configure Firewall
sudo ufw allow 20/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 990/tcp
  • Add FTP user
sudo adduser ftpuser
  • Add the user to the webserver root directory
sudo usermod -d /var/www ftpuser
  • Allow ftp user to write and alter documents in the web directory
sudo chown ftpuser:ftpuser /var/www/html

Configure vsftpd

  • Rename config file
sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
  • Create a new config file
sudo nano /etc/vsftpd.conf
  • Paste in the following
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=40000
pasv_max_port=50000
allow_writeable_chroot=YES
  • Save the file
  • Restart vsftpd
sudo systemctl restart vsftpd

Now, if this was purely to just upload files we can stop here, however, normally you want to FTP a site that is for the web, so we need to be able to have the FTP user/group work in tandem with the www-data user/group.

So, here is what is needed:

  • Create a new group (www-pub) and add the users to that group
sudo groupadd www-pub
  • Add FTP user AND www-data to the group
usermod -a -G www-pub ftpuser
 
usermod -a -G www-pub www-data
  • Check that the users are part of all groups
sudo groups ftpuser
 
sudo groups www-data
  • Change ownership of everything under the web directory
sudo chown -R root:www-pub /where/your/web/directory/is
  • Then change the permissions (or certain web sites won't work - such as NextCloud or WHMCS)
sudo chmod 2775 /where/your/web/directory/is
  • In detail, this is what each number is doing:2=set group id, 7=rwx for owner (root), 7=rwx for group (www-pub), 5=rx for world (including nginx www-data user)

Then you should be able to FTP to a site without changing permissions all over the place!

ftp-install.txt · Last modified: 2023/05/17 22:52 by 127.0.0.1