Linux and FTP

I love linux. Everything about linux. It’s versatility, the cost….especially the cost. It is amazing and it has an amazing community where we can come together to solve issues we are having with computing. I am currently studying for my Linux certification and I learn best by doing projects. One project that I thought would be simple enough would be to set up an FTP server. Luckily, I have an ESXI host that I use as my very own computer lab. The first thing I did was install Ubuntu 18.04 as a VM on my computer lab. This is quick and easy and does not take a lot of time. Make sure to update your installation with this command:

sudo apt update && sudo apt upgrade -y

This will update and upgrade everything at once. It will prompt you for a password after you enter this command. This should only take a few minutes depending on how up to date your download of Ubuntu is. Once that is completed we are going to install VSFTPD with this command:

sudo apt install vsftpd -y

There you installed it! Now that part is done we will want to configure it to start on boot time. First we start the service using this command:

sudo systemctl start vsftpd

Then we will want to it to start on boot. Just in case we ever need to reboot the server we will want the service to start on boot so we don’t need to go in and start it manually. That command is as follows:

sudo systemctl enable vsftpd

Congratulations! You have installed vsftpd on your Ubuntu Linux server and it only took a few minutes to do so. Now we have to add an ftp file structure along with a user for our ftp server file permissions. We can add a user with the following command:

sudo adduser user (user is any user name you would like to pick)

Next, we can make an ftp file structure, after all, we don’t want to be storing files in the root directory or any other place that is vulnerable. We can add an ftp file structure with this command:

sudo mkdir /home/vsftp/ftp

sudo chown nobody:nogroup /home/vsftp/ftp

sudo chmod a-w /home/vsftp/ftp

Next we will create a file and give ownership to your ftp user

sudo mkdir /home/vsftp/ftp/test

sudo chown ftpuser:ftpuser /home/vsftp/ftp/test

Next we will want to configure the ftp server using the vsftpd.conf file. We will want to save a copy of the original vsftpd.conf file and we can do that with this command:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next we can edit the vsftpd.conf file with your favorite file editor. Mine is nano so that is what I will use with this command:

sudo nano /etc/vsftpd.conf

Add these lines to the config file:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

As you can see from the code above, we are using a user list. What we need to do next is open that user list and put our user on it with the following command:

sudo nano /etc/vsftpd.userList

add the user to the userList by typing and the saving the document. After that we will want to restart the ftp service with the following command:

sudo systemctl restart vsftpd

At this point, you are all installed and good to go, but if you are working in an environment that needs security you will need to secure this with SSL/TLS. We will need to create a certificate and a folder to hold the certificate with the following commands:

sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem

Now we will need to add some lines to the vsftpd.conf file to let the ftp program know that we are using security. Please add the following lines:

rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the file and then restart vsftpd. If you would like to get to this server from outside your domain that will require port forwards on your router, which I am sure your system administrator can handle. You should be able to access these files now through your favorite file server client. Mine is Filezilla which is also available for free installation and download. If you are on a linux computer the command is as follows:

sudo apt install filezilla -y

Once it is installed you can access the file server. I hope you found this tutorial helpful! I will be coming to you with more tutorials in the future. Let me know what you want me to write about by contacting me on my contact page!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close