Setup FTP server in Ubuntu server 11.04 (Terminal only)

Hey there, Ubuntu users. This is a short how-to guide for setting up an FTP server on Ubuntu 11.04 Server Edition using the terminal only.


First you'll need to download the vsftpd package from the repos. Make sure that your package list is updated.
sudo apt-get update
sudo apt-get install vsftpd


The service that will be used for the FTP server is vsftpd, under /etc/init.d/vsftpd


The configuration file for vsftpd can be accessed by typing
sudo nano /etc/vsftpd.conf 


This is where all the configuration takes place. There are many issues to be covered here.
Inside the conf file there are examples of what to allow and what to tweak. Commenting or uncommenting (#) a line decides whether it is read or not. Give it a look. If there is something you don't understand, just leave it as it is. Maybe by the end of this guide you'll figure out what it does.


First, by default anonymous users are not allowed.
anonymous_enable=NO
I suggest leaving it this way.


In addition, by default local system users are allowed.
local_enable=YES


If you and the users who will access the server through FTP know what you are doing, you can uncomment this line.
#write_enable=YES
You can get the list of supported FTP commands from the wiki.


vsftpd uses port 20 by default
connect_from_port_20=YES
Leave it as it is. If you change it, make sure to port forward the same port in your router and to allow the same port in your firewall. My suggestion is to leave it as is, set up the server, and then experiment once everything runs smoothly. For this guide, port 20 is used.
There are more options below, such as allowing users to create directories. We stick to the basics, since most of the other options depend on one's needs.


Find the line 
nopriv_user=ftpsecure
This is the default user to access through FTP. This user does not exist on your system by default, so we must create it. First list the current users on your system to get an idea of how many there are.


cat /etc/passwd |cut -d":" -f1


As you can see there is no ftpsecure one. Let's create it.


OK, hold it. One might say "Why create a user and not use one that already exists?"
The answer is simple. It saves the time of checking and changing the privileges for each one of them. In addition, some of them are blocked by vsftpd by default.


sudo cat /etc/ftpusers 
lists the users BLOCKED by default. You can add users from the previous list (cat /etc/passwd |cut -d":" -f1) to this file to block them, or some of them, for security reasons.


OK. Let's proceed to create the user


sudo adduser --home /home/ftpsecure ftpsecure
This will create the user ftpsecure and create his home folder in /home/ftpsecure.


Let's move back to the conf file (sudo nano /etc/vsftpd.conf)
Find the line 


chroot_local_user=YES 
and I suggest uncommenting it. This will restrict the ftpsecure user to his home directory; otherwise the user will be able to go through the filesystem. This means that any files you want to share through FTP should be placed in this directory.
If you have enabled the ftp commands (check above), or not, this can be a security issue.


Save the changes done.
In order for them to take effect, restart the service
sudo restart vsftpd
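
The settings chosen above can be checked mechanically after editing the file. The script below is an added example, not part of the original guide; the function names and the sample files are made up for illustration, and it only looks at the options this guide discusses.

```shell
#!/bin/sh
# conf_get FILE OPTION -> value of an uncommented "option=value" line.
# If the option appears twice, the last line is reported (assumption).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd CONF PASSWD -> prints findings; returns 1 if any FAIL was printed.
audit_vsftpd() {
    conf=$1; passwd=$2; rc=0
    # Settings the guide ends up with.
    for want in anonymous_enable=NO local_enable=YES chroot_local_user=YES; do
        opt=${want%%=*}
        got=$(conf_get "$conf" "$opt")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $opt is '${got:-unset}', guide uses $want"; rc=1
        fi
    done
    # nopriv_user must name an account that exists.
    user=$(conf_get "$conf" nopriv_user)
    if [ -z "$user" ] || ! cut -d: -f1 "$passwd" | grep -qxF "$user"; then
        echo "FAIL nopriv_user '${user:-unset}' has no account in $passwd"; rc=1
    fi
    # vsftpd option names use underscores only; a hyphenated name is a typo.
    bad=$(grep -n '^[a-z0-9_]*-[a-z0-9_-]*=' "$conf" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "FAIL hyphen in option name on line(s): $bad"; rc=1
    fi
    # Not a failure, but worth knowing before exposing the server.
    if [ "$(conf_get "$conf" write_enable)" = YES ]; then
        echo "NOTE write_enable=YES: uploads and deletes are allowed"
    fi
    return $rc
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
anonymous-enable=NO
local_enable=YES
#write_enable=YES
nopriv_user=ftpsecure
#chroot_local_user=YES
EOF
printf 'root:x:0:0::/root:/bin/bash\n' > "$demo_dir/passwd"
audit_vsftpd "$demo_dir/vsftpd.conf" "$demo_dir/passwd" || echo "fix the findings above and re-run"
rm -rf "$demo_dir"
```

On the server itself, call it as audit_vsftpd /etc/vsftpd.conf /etc/passwd.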


However, we are not done. Or, better said, we must not end here. For those who have not set up the firewall, suggestions are listed below.


I suggest ufw to manage the firewall. Check the status
sudo ufw status


Enable it or disable it by typing one of
sudo ufw enable
sudo ufw disable


There are two default policies for the firewall. Either block all incoming unless otherwise expressed with rules, or allow all incoming connections unless otherwise blocked by rules.
I suggest blocking all incoming connections and adding rules to allow specific ports, protocols or services to reach you.


Type one of
sudo ufw default deny
sudo ufw default allow
according to your needs. I'll continue assuming I have chosen the deny one.


sudo ufw status 
will list any existing rules. Type 


sudo ufw app list 
to check the allowed services. Now type 


grep ftp /etc/services
to list the services for FTP. To add a rule for port 20 and the TCP protocol in ufw, type
sudo ufw allow 20/tcp


Check it by typing sudo ufw status
Finally, make sure to enable firewall logging by typing
sudo ufw logging on

This is where the guide should end, but some may have problems sharing files through Samba to put them in the /home/ftpsecure directory and share them through FTP. What's the point of creating an FTP server if it's hard to share files across the network? :)



First 
sudo apt-get install smbfs
to install smb packages. Then create a password for the user whose folder you wish to share. In our case it is the ftpsecure user, so that we can share his home directory and its files locally.


Create a samba password for that user
sudo smbpasswd -a ftpsecure


Then add some lines to the smb.conf file
sudo nano /etc/samba/smb.conf

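Add these lines (the share name in square brackets is an assumption here; pick your own)


    ; share name assumed for this example
    [ftpsecure]
    comment = ftpsecure Private Files
    path = /home/ftpsecure
    valid users = ftpsecure
    public = no
    writable = yes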


Exit and save.
Restart the samba services and you're done.
sudo restart smbd && sudo restart nmbd


(if you have chosen the deny policy for ufw, then you must add the samba service in the allow rules, as shown above)


Good luck.
