Prerequisites

To follow along with this tutorial you will need:

An Ubuntu 16.04 server with a non-root user with sudo privileges: You can learn more about how to set up a user with these privileges in our Initial Server Setup with Ubuntu 16.04 guide. Once you have an Ubuntu server in place, you're ready to begin.

Step 1 - Installing vsftpd

We'll start by updating our package list and installing the vsftpd daemon:

sudo apt-get update
sudo apt-get install vsftpd

When the installation is complete, we'll copy the configuration file so we can start with a blank configuration, saving the original as a backup.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

With a backup of the configuration in place, we're ready to configure the firewall.

Step 2 - Opening the Firewall

We'll check the firewall status to see if it’s enabled. If so, we’ll ensure that FTP traffic is permitted so you won’t run into firewall rules blocking you when it comes time to test.

sudo ufw status

In this case, only SSH is allowed through:

Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

You may have other rules in place or no firewall rules at all. Since only SSH traffic is permitted in this case, we’ll need to add rules for FTP traffic.

We'll need to open ports 20 and 21 for FTP, port 990 for later when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file:

On AWS, go to the security group of the instance and add the inbound rules (open ports).

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status

Step 3 - Preparing the User Directory


For this tutorial, we're going to create a user, but you may already have a user in need of FTP access. We'll take care to preserve an existing user’s access to their data in the instructions that follow. Even so, we recommend you start with a new user until you've configured and tested your setup.

First, we’ll add a test user:

sudo adduser sammy

Assign a password when prompted and feel free to press "ENTER" through the other prompts.

FTP is generally more secure when users are restricted to a specific directory.
vsftpd accomplishes this with chroot jails.
When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also have shell access.

In this example, rather than removing write privileges from the home directory, we'll create an ftp directory to serve as the chroot and a writable files directory to hold the actual files. Create the ftp folder, set its ownership, and be sure to remove write permissions with the following commands:

sudo mkdir /home/sammy/ftp

sudo chown nobody:nogroup /home/sammy/ftp

sudo chmod a-w /home/sammy/ftp

Let's verify the permissions:

sudo ls -la /home/sammy/ftp


Output
total 8
4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
4 drwxr-xr-x 3 sammy sammy 4096 Aug 24 21:29 ..

---

Step 4 - Configuring FTP Access

We're planning to allow a single user with a local shell account to connect with FTP. The two key settings for this are already set in vsftpd.conf. Start by opening the config file to verify that the settings in your configuration match those below:

sudo vi /etc/vsftpd.conf


/etc/vsftpd.conf

. . .
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
. . .

Next we'll need to change some values in the file. In order to allow the user to upload files, we’ll uncomment the write_enable setting so that we have:

/etc/vsftpd.conf
. . .
write_enable=YES
. . .

We’ll also uncomment the chroot_local_user setting to prevent the FTP-connected user from accessing any files or commands outside the directory tree.


/etc/vsftpd.conf
. . .
chroot_local_user=YES
. . .

We’ll add a user_sub_token in order to insert the username in our local_root directory path so our configuration will work for this user and any future users that might be added.

Bypass the writable check in the vsftpd config file by running the following two commands:

sudo vi /etc/vsftpd.conf

Add allow_writeable_chroot=YES to the file, then save and exit with :wq. This setting turns off vsftpd's refusal to chroot a user into a directory that user can write to.

Restart the FTP server:

sudo systemctl restart vsftpd

Then open FileZilla, click Site Manager, and add the credentials.

Also set File > Site Manager > Select your site > Transfer Settings > Active.
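
The script below is an added example, not part of the original tutorial: it checks a vsftpd.conf for the Step 4 settings and flags a chroot directory that still has a write bit set, which Step 3 removes with chmod a-w. The function names conf_get and audit_vsftpd_conf and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit the Step 4 settings
# and the Step 3 chroot directory permissions. Function names are hypothetical.

# Print the value of the last uncommented KEY=value line in FILE.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# usage: audit_vsftpd_conf FILE [CHROOT_DIR]; returns non-zero on any FAIL.
audit_vsftpd_conf() {
    a_conf=$1; a_root=${2:-}; a_fails=0
    # vsftpd's built-in defaults differ from these values, so unset is a FAIL.
    for a_pair in anonymous_enable=NO local_enable=YES chroot_local_user=YES; do
        a_key=${a_pair%%=*}; a_want=${a_pair#*=}
        a_got=$(conf_get "$a_conf" "$a_key")
        if [ "$a_got" != "$a_want" ]; then
            echo "FAIL: $a_key=${a_got:-<unset>} (expected $a_want)"
            a_fails=$((a_fails + 1))
        fi
    done
    a_awc=$(conf_get "$a_conf" allow_writeable_chroot)
    if [ "$a_awc" = "YES" ]; then
        echo "WARN: allow_writeable_chroot=YES turns off the writable-root check"
    fi
    if [ -n "$a_root" ]; then
        # Step 3 runs 'chmod a-w', so any 'w' in the mode string is a finding.
        case $(ls -ld "$a_root" | cut -c1-10) in
            *w*)
                if [ "$a_awc" = "YES" ]; then
                    echo "WARN: chroot directory $a_root has a write bit set"
                else
                    echo "FAIL: chroot directory $a_root has a write bit set"
                    a_fails=$((a_fails + 1))
                fi ;;
        esac
    fi
    [ "$a_fails" -eq 0 ]
}

# Constructed sample input: the settings shown on this page, in a temp file.
sample=$(mktemp)
printf '%s\n' '#anonymous_enable=YES' 'anonymous_enable=NO' 'local_enable=YES' \
    'write_enable=YES' 'chroot_local_user=YES' 'allow_writeable_chroot=YES' > "$sample"
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

On the server, the same function can be pointed at the real files, for example audit_vsftpd_conf /etc/vsftpd.conf /home/sammy/ftp, before restarting the service.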