Configuring FTP Access on Ubuntu

Configuring FTP on Ubuntu is fairly trivial, but securing it requires some learning. Here’s what I had to do configure FTP and allow users to access it.

1. Install the FTP server

 sudo apt-get install vsftpd

2. Create a new user

You can additionally disable shell access to the ftpuser., in my case I needed shell access.

 sudo useradd ftpuser

You can skip the step 2 and use the “ftp” user that gets created when you install vsftpd. In my case I needed a new user.

3. Restrict the ftpuser’s access to file system and jail them to their home dir

Edit the /etc/vsftpd.conf and make the following change

 chroot_local_user = Yes

4. Restart vsftpd

 sudo /etc/init.d/vsftpd restart

You should be able to access and write to ftpuser’s home directory now.

Additional Details:

 Change default FTP upload directory for the ftp user created by vsftpd:
 sudo mkdir /srv/file_dir/ftp
 sudo usermod -d /srv/file_dir/ftp ftp

The -d option to usermod changes the home directory of ftp user to /srv/file_dir/ftp

Allow ftpuser to access a specific folder outside home directory when chroot is enabled.

Lets assume you need FTP access to /var/www/files, then we need to do something like this:

 mkdir /home/ftpuser/www_files
 mount --bind /var/www/files /home/ftpuser/www_files

Now, the /var/www/files directory is bound to your /home/ftpuser/www_files and is visible in your home directory listing. In case you get permission errors , make sure the ftpuser has enough access to -/var/www/files

To make the changes permanent add the following configuration to /etc/fstab

 /var/www/files /home/ftpuser/www_files none bind 0 0

Enable Anonymous downloads

If you wish to enable anonymous downloads edit /etc/vsftpd.conf and change.

 anonymous_enable=Yes

It is recommended to turn off this feature unless you are absolutely certain you need this.

References:

https://help.ubuntu.com/12.04/serverguide/ftp-server.html

http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/

http://linux.about.com/od/commands/l/blcmdl8_usermod.htm

 

Leave a Reply

Your email address will not be published. Required fields are marked *