Setup FTP server on Ubuntu 14.04

Setup FTP server on Ubuntu 14.04

Step 1 » Update repositories .

mogibu@mogibu:~$ sudo apt-get update

Step 2 » Install VsFTPD package using the below command.

mogibu@mogibu:~$ sudo apt-get install vsftpd

Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.

Uncomment the below lines (line no:29 and 33).

write_enable=YES

local_umask=022

» Uncomment the below line (line no: 120 ) to prevent access to the other folders outside the Home directory.

chroot_local_user=YES

and add the following line at the end.

allow_writeable_chroot=YES

» Add the following lines to enable passive mode.

pasv_enable=Yes

pasv_min_port=40000

pasv_max_port=40100

Step 4 » Restart vsftpd service using the below command.

mogibu@mogibu:~$ sudo service vsftpd restart

Step 5 » Now ftp server will listen on port 21. Create user with the below command.Use /usr/sbin/nologin shell to prevent access to the bash shell for the ftp users .

mogibu@mogibu:~$ sudo useradd -m mogi -s /usr/sbin/nologin

mogibu@mogibu:~$ sudo passwd mogi

Step 6 » Allow login access for nologin shell . Open /etc/shells and add the following line at the end.

/usr/sbin/nologin

Now try to connect this ftp server with the username

on port 21 using winscp or filezilla client and make sure that user cannot access the other folders outside the home directory.

Please note using ftp on port 21 is a big security risk . it’s highly recommended to use SFTP. Please continue for SFTP configuration

Secure FTP ( SFTP )

SFTP is called as “Secure FTP” which generally use SSH File Transfer Protocol . so we need openssh-server package installed , Issue the below command if it’s not already installed.

mogibu@mogibu:~$ sudo apt-get install openssh-server

Step 7 » Create a new group ftpaccess for FTP users.

mogibu@mogibu:~$ sudo groupadd ftpaccess

Step 8 » Now make changes in this /etc/ssh/sshd_config file.

» Find and comment the below line

Subsystem sftp /usr/lib/openssh/sftp-server

and Add these lines at the end of the file.

Subsystem sftp internal-sftp

Match group ftpaccess

ChrootDirectory %h

X11Forwarding no

AllowTcpForwarding no

ForceCommand internal-sftp

Step 9 » Restart sshd service.

mogibu@mogibu:~$ sudo service ssh restart

Step 10 » The below steps must be followed while creating Users for sftp access.

Create user mogi with ftpaccess group and /usr/bin/nologin shell.

mogibu@mogibu:~$ sudo useradd -m mogi -g ftpaccess -s /usr/sbin/nologin

mogibu@mogibu:~$ sudo passwd mogi

Change ownership for the home directory.

mogibu@mogibu:~$ sudo chown root /home/mogi

Create a folder inside home directory for writing and change ownership of that folder.

mogibu@mogibu:~$ sudo mkdir /home/mogi/www

mogibu@mogibu:~$ sudo chown mogi:ftpaccess /home/mogi/www

Now try to connect server using SFTP ( port : 22 ) and makesure Users can upload files to www directory and cannot

access other folders outside home directory.

If you want use both FTP and SFTP together, please perform above steps ( Step 10 ) while creating users . For existing users, move them to ftpaccess group and create folder structure and ownership changes as below.

mogibu@mogibu:~$ sudo usermod mogi -g ftpaccess -s /usr/sbin/nologin

mogibu@mogibu:~$ sudo chown root /var/www/html/xe

mogibu@mogibu:~$ sudo mkdir /home/mogi/www

mogibu@mogibu:~$ sudo chown mogi:ftpaccess /var/www/html/xe

mogibu@mogibu:~$ sudo chown mogi:mogi /var/www/html/xe

mogibu@mogibu:~$ sudo chmod 707 /var/www/html/xe

Now  mogi can able to upload files to www folder using FTP as well as SFTP.