PDF download Download Article
Allow users to transfer files to and from your Linux server with VSFTPD
PDF download Download Article

If you want to allow FTP connections to your Ubuntu Linux server or workstation, VSFTPD is the preferred option. VSFTPD (Very Secure File Transfer Protocol Daemon) makes it easy to set up any type of FTP server on Linux, including anonymous FTP, user-authenticated FTP, and even FTP over SSL (FTPS). This wikiHow article will teach you how to set up an FTP server on Ubuntu Linux, tricks to make it more secure, and give you tips on connecting and transferring files.

Things You Should Know

  • Install VSFTPD from Ubuntu's repositories using sudo apt install vsftpd.
  • Use the file /etc/vsftpd.conf to set up and make changes to your FTP server configuration.
  • FTP is not encrypted by default, so if you allow users to authenticate, set up FTPS (FTP over SSL).
Section 1 of 5:

Installing VSFTPD

PDF download Download Article
  1. You can skip this step if you're connected to an Ubuntu server remotely. If you want to set up an FTP server on your Ubuntu desktop workstation, press Ctrl + Alt + T to open a terminal now.
    • Keep in mind that FTP is not encrypted. Don't use FTP to transfer secure files.
  2. This updates your package list.
    • When prompted, enter your password to continue.
    Advertisement
  3. This installs VSPFD, a super fast FTP server for Linux. [1]
  4. To ensure your FTP server is always available when people need it, use this command to make it start each time your server boots.
  5. The FTP server will now start. You can make sure it's running by issuing the command sudo systemctl status vsftpd .
  6. Advertisement
Section 2 of 5:

Allowing Local Users

PDF download Download Article
  1. If you want to allow people with accounts on your Ubuntu system to FTP to the server, you just need to make a few changes to your configuration file.
    • If you haven't already, make a backup of the config file before editing: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_backup .
    • To use nano to edit vsftpd.conf, type sudo nano /etc/vsftpd.conf and press Enter . Alternatively, you can use Vim or any other editor.
  2. Scroll down to "local_enable" line. If there's a # symbol in front of it, delete that symbol. Then, make sure local_enable= YES .
  3. If you want to allow people with accounts to upload files to their home directories via FTP, scroll down to the "write_enable " line and remove the # symbol to uncomment it. Make sure "write_enable" is set to YES .
  4. If you only want FTP users to be able to access their own home directories (and you should want that), you can use chroot to limit user access. Here's how:
    • To limit all users to their home directories, uncomment the line "chroot_local_user=YES" by deleting the hash mark (#) before it.
    • If you'd rather limit specific users to their home directories:
      • First, uncomment these lines: chroot_list_enable=YES and chroot_list_file=/etc/vsftpd.chroot_list
      • Save and exit the config file.
      • Type sudo nano /etc/vsftpd.chroot_list (or use your preferred text editor) to create the VSFTPD chroot list.
      • List each user you want to restrict to their home directories on individual lines.
      • Save the file.
  5. By default, accounts like root, daemon, and sys cannot make FTP connections to the server. You can add additional users by opening /etc/ftpusers (you'll need to use sudo ) and adding usernames to the list. [2]
  6. Users can now FTP to the server.
  7. Advertisement
Section 3 of 5:

Setting Up Anonymous FTP

PDF download Download Article
  1. By default, VSFTPD only allows authenticated users to upload and download files. If you want to host files on your FTP server that anyone can download, you'll need to edit the VSFTPD config file to allow anonymous FTP.
    • Create a backup of the config file before editing so you can restore the original if needed. To do this, just type sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_backup .
    • To use nano to edit /etc/vsftpd.conf, type sudo nano /etc/vsftpd.conf and press Enter . Alternatively, you can use Vim or any other editor.
  2. Scroll down to the line that says "anonymous_enable=NO," then replace "NO" with YES .
    • If you don't want to allow people with user accounts on this Ubuntu system to log in with their usernames and passwords, scroll down to "local_enable." If it's set to YES, replace it with NO .
    • By default, anonymous users can't upload files to your FTP server. While you can allow anyone to upload files, it can be risky, so we don't encourage it. But if you'd like to, remove the # symbols from the line "anon_upload_enable=YES" AND "write_enable=YES" to uncomment them.
    • When you're finished, save and exit the config file.
  3. VSFTPD creates a user called ftp during installation and sets its home directory to /srv/ftp. If you want to use a different directory for files on your anonymous FTP server, you can change it easily.
    • Create a new directory (if one doesn't already exist) using mkdir -p /directory/name . For example, mkdir -p /srv/ftp/myCompany/files .
    • Then, use sudo usermod -d /srv/ftp/myCompany/files ftp to make the new directory the ftp user's home directory.
  4. You'll need to restart the VSFTPD service each time you change the config file.
  5. Any files you want to make available for download should be placed in the FTP user's home directory. This will allow anonymous users to access and download these files when FTPing to the server anonymously.
    • Now that you've set up anonymous FTP and placed some files in the FTP user's home directory, see Connecting and Transferring Files to learn how others can connect to your FTP server.
  6. Advertisement
Section 4 of 5:

Securing VSFTPD

PDF download Download Article
  1. The FTP protocol is not encrypted, so it's not the safest transfer method. If you're allowing local users to upload and download files, it's best to enable FTPS, which is FTP over SSL. You can use the openssl command to generate a certificate that will stay active for a year.
    • Run the following command to create an RSA key and certificate: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt . [3]
    • Follow the prompts to create your certificate. You can skip entering some of the fields, but the following fields are required:
      • Country Name
      • State or Province Name
      • Locality Name (your city)
      • Common Name (this should be your FTP server's hostname or your organization's name)
    • Once finished, you'll have an RSA certificate file at /etc/ssl/certs/vsftpd.crt and a private key at /etc/ssl/private/vsftpd.key. Remember these locations, as you'll need them in a moment.
  2. Use nano, vi, or your preferred text editor.
    • At the bottom of the VSFTP configuration file, you'll see "ssl_enable=NO." Change this value to YES to enable secure connections. [4]
    • If you're allowing anonymous connections, you should also add the following line below: allow_anon_ssl=YES . [5]
    • Add these lines to make SSL connections mandatory:
      • force_local_data_ssl=YES
      • force_local_logins_ssl=YES
      • require_ssl_reuse=NO
      • ssl_ciphers=HIGH
    • If you want to restrict the secure connection type to TLS (recommended), add these three lines:
      • ssl_tlsv1=YES
      • ssl_sslv2=NO
      • ssl_sslv3=NO
  3. To do this:
    • Replace the path "rsa_cert_file" with /etc/ssl/certs/vsftpd.crt
    • Replace the path for "rsa_private_key_file" with /etc/ssl/private/vsftpd.key .
  4. You'll only need to do this if your router is using network address translation (NAT).
    • To do this, add this new line to vsftpd.conf: pasv_address=externalIPaddress . Replace externalIPaddress with the server's external IP.
    • Alternatively, if the server has a domain name, you can add these two lines instead:
      • pasv_addr_resolve=YES
      • pasv_address=your.domain.name
    • You may also need to change the listening port to something other than port 21, which you can do by adding the line listen_port=portnumber .
  5. To restart VSFTPD, run sudo systemctl restart vsftpd.service .
    • If you enable SSL/TLS, users will need to use FTPS—note that FTPS is different than SFTP, which is FTP over SSH . Desktop apps like FileZilla , available for Linux, Windows, and macOS, all support FTPS.
  6. Advertisement
Section 5 of 5:

Connecting & Transferring Files

PDF download Download Article
  1. Whether you're hosting an FTP server on Ubuntu in your home or paying for a server through a hosting service, users will need your IP address or hostname to connect.
    • To find your Ubuntu server's public IP address, use this command: dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
    • If you're only allowing connections from your internal network, use the command ip addr to view your local IP address.
    • If you have a domain name pointing to your IP address, users can use that to connect to your FTP server.
  2. If you're using Ubuntu firewall (UFW), it's easy:
    • First, run the command sudo ufw status to see if traffic is already allowed to the FTP ports (21 and 20). [6]
    • If not, run this command to allow access on these ports: sudo ufw allow 20,21/tcp
  3. If you're hosting an FTP server behind a home or office router or network firewall, you may need to allow inbound connections to TCP ports 20 and 21.
    • Port forwarding varies from router to router, so check your router's documentation for instructions.
  4. Now that your FTP server is running and accessible, users can connect via FTP or SFTP using a file transfer app like FileZilla or the Linux ftp command. Or, if using FTPS, you can use lsftp .
    • Using FileZilla:
      • Enter the hostname or IP address of the FTP server.
      • If connecting with a user account, enter the username. For an anonymous connection, use anonymous as the username and your email address as the password.
      • If using FTPS, choose Passive transfer mode, and "Require explicit FTP over TLS" as the Encryption type.
      • Once you connect, enter your password when prompted, and you'll be taken to your home directory.
    • Command line:
      • To connect with regular FTP, run the command ftp username@<hostname or IP> . You'll then be prompted to enter your password to connect.
      • If connecting anonymously, use anonymous@<hostname or IP> . When prompted, enter your email address (or any email address) as the password.
      • If the server requires SSL, you'll need an FTPS tool like lftp . It doesn't come with Ubuntu, but you can install it using sudo apt install lftp . Lftp can be tricky, so read the man page using man lftp .
  5. If you're using an app like FileZilla, you can easily click and drag files and folders from the left-hand window into the right-hand window to upload them to your FTP server page. If you're using FTP or LFTP (for FTPS) at the command line, these commands will be helpful:
    • cd <directory> and lcd <directory> : When connected via FTP or FTPS, cd navigates remote directories. To change directories locally, use lcd . [7]
    • ls and !ls . While connected, ls lists files in the current remote directory, while !ls lists files in the current local directory.
    • get <filename> : Use this command to download a file from the FTP server.
    • put <filename> : This command uploads a file to the FTP server.
  6. Advertisement

Community Q&A

Search
Add New Question
  • Question
    How do I access the server?
    Community Answer
    Install FileZilla and enter the IP address of your new FTP server in the Host. Then, put your username and password in and hit "Quick Connect." If you receive a message saying your connection was refused, make sure you have list=YES set in the vsftpd.conf file.
  • Question
    How do I restrict the FTP so only select users can log into the service?
    Community Answer
    Follow the directions in the vsftp.conf file. It will tell you exactly what to do. Anonymous access is disabled by default.
  • Question
    It keeps asking me for a password, but I don't have one. What should I do?
    Community Answer
    Use the same credentials you use to log into the computer, assuming you specified yourself as one of the users who can access the site.
See more answers
Ask a Question
      Advertisement

      Tips

      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!
      Advertisement

      Warnings

      • FTP servers aren't always secure, especially if you're hosting one yourself. As such, refrain from uploading sensitive or personal information to an FTP server.
      Advertisement

      About This Article

      Article Summary X

      1. Open a terminal in Ubuntu.
      2. Use apt-get to install VSFTPD.
      3. Open /etc/vsftpd.conf in a text editor.
      4. Remove the hash mark in front of "local_enable=YES."
      5. Remove the hash mark in front of "write_enable=YES."
      6. Remove the hash marks from the two "ascii" entries.
      7. Change the chroot settings.
      8. Remove the hash mark from "ls_recurse_enable=YES."
      9. Save and exit.
      10. Add usernames to the chroot list.

      Did this summary help you?
      Thanks to all authors for creating a page that has been read 1,039,097 times.

      Reader Success Stories

      • Joe Smith

        Feb 2, 2017

        "Thanks, good tutorial! "
      Share your story

      Is this article up to date?

      Advertisement