This shows you the differences between two versions of the page.
ftp-install [2020/10/21 23:30] – gwsadmin | ftp-install [2020/12/04 10:50] – gwsadmin | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== How to install an FTP Server ====== | ====== How to install an FTP Server ====== | ||
- | ====== | + | |
- | ====== | + | <code language-bash> |
+ | sudo apt update && sudo apt install vsftpd | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Once installed check status | ||
+ | |||
+ | <code pre-only> | ||
+ | vsftpd.service - vsftpd FTP server | ||
+ | | ||
+ | | ||
+ | Main PID: 54532 (vsftpd) | ||
+ | Tasks: 1 (limit: 1137) | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Apr 27 19:35:30 ubuntu systemd[1]: Starting vsftpd FTP server... | ||
+ | Apr 27 19:35:30 ubuntu systemd[1]: Started vsftpd FTP server.' | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Configure Firewall | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo ufw allow 20/tcp | ||
+ | sudo ufw allow 40000: | ||
+ | sudo ufw allow 40000: | ||
+ | sudo ufw allow 990/tcp | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Add FTP user | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo adduser ftpuser | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Add the user to the webserver root directory | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo usermod -d /var/www ftpuser | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Allow ftp user to write and alter documents in the web directory | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo chown ftpuser: | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Configure vsftpd | ||
+ | |||
+ | * Rename config file | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo mv / | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Create a new config file | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo nano / | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Paste in the following | ||
+ | |||
+ | <code bash> | ||
+ | listen=NO | ||
+ | listen_ipv6=YES | ||
+ | anonymous_enable=NO | ||
+ | local_enable=YES | ||
+ | write_enable=YES | ||
+ | local_umask=022 | ||
+ | dirmessage_enable=YES | ||
+ | use_localtime=YES | ||
+ | xferlog_enable=YES | ||
+ | connect_from_port_20=YES | ||
+ | chroot_local_user=YES | ||
+ | secure_chroot_dir=/ | ||
+ | pam_service_name=vsftpd | ||
+ | force_dot_files=YES | ||
+ | pasv_min_port=40000 | ||
+ | pasv_max_port=50000 | ||
+ | allow_writeable_chroot=YES | ||
+ | |||
+ | </ | ||
+ | |||
+ | * Save the file | ||
+ | * Restart vsftpd | ||
+ | |||
+ | <code language-bash> | ||
+ | sudo systemctl restart vsftpd | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | Now, if this was purely to just upload files we can stop here, however, normally you want to FTP a site that is for the web, so we need to be able to have the FTP user/group work in tandem with the www-data user/ | ||
+ | |||
+ | So, here is what is needed: | ||
+ | |||
+ | * Create a new group (www-pub) and add the users to that group | ||
+ | |||
+ | <code bash> | ||
+ | sudo groupadd www-pub | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Add FTP user AND www-data to the group | ||
+ | |||
+ | <code bash> | ||
+ | usermod -a -G www-pub ftpuser | ||
+ | |||
+ | usermod -a -G www-pub www-data | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Check that the users are part of all groups | ||
+ | |||
+ | <code bash> | ||
+ | sudo groups ftpuser | ||
+ | |||
+ | sudo groups www-data | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Change ownership of everything under the web directory | ||
+ | |||
+ | <code bash> | ||
+ | sudo chown -R root: | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * Then change the permissions (or certain web sites won't work - such as NextCloud or WHMCS) | ||
+ | |||
+ | <code bash> | ||
+ | sudo chmod 2775 / | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | * In detail, this is what each number is doing:// | ||
+ | |||
+ | **Then you should be able to FTP to a site without changing permissions all over the place!** | ||
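Review bot: The pasted vsftpd.conf sets `local_enable=YES` and `write_enable=YES` but has no `ssl_enable` line, so the `ftpuser` password and everything written to the web root travel in cleartext. The firewall step opens 990/tcp, yet nothing in this config enables TLS or an implicit-TLS listener that would use it. Suggest adding `ssl_enable=YES` with `rsa_cert_file` and `rsa_private_key_file`, plus `force_local_logins_ssl=YES` and `force_local_data_ssl=YES`, or removing the 990/tcp rule if TLS is not intended. Smaller points: `allow_writeable_chroot=YES` together with `chroot_local_user=YES` leaves the top of the chroot writable by the FTP user, which deserves a sentence on the trade-off, or a non-writable parent with a writable subdirectory instead. None of the visible `ufw allow` lines opens 21/tcp, the control port this config listens on by default. The two `usermod -a -G www-pub ...` lines are the only commands shown without `sudo`.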