To follow along with this tutorial you will need:

An Ubuntu 16.04 server with a non-root user with sudo privileges: You can learn more about how to set up a user with these privileges in our Initial Server Setup with Ubuntu 16.04 guide. Once you have an Ubuntu server in place, you're ready to begin.

Step 1 - Installing vsftpd

We'll start by updating our package list and installing the vsftpd daemon:

sudo apt-get update
sudo apt-get install vsftpd

When the installation is complete, we'll copy the configuration file so we can start with a blank configuration, saving the original as a backup.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

With a backup of the configuration in place, we're ready to configure the firewall.

Step 2 - Opening the Firewall

We'll check the firewall status to see if it’s enabled. If so, we’ll ensure that FTP traffic is permitted so you won’t run into firewall rules blocking you when it comes time to test.

sudo ufw status

In this case, only SSH is allowed through:

Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)

You may have other rules in place or no firewall rules at all. Since only ssh traffic is permitted in this case, we’ll need to add rules for FTP traffic.

We'll need to open ports 20 and 21 for FTP, port 990 for later when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file:

in aws go to the securety group of the instance and add the inbound rules ( open ports )

sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcp sudo ufw status

Preparing the User Directory

For this tutorial, we're going to create a user, but you may already have a user in need of FTP access. We'll take care to preserve an existing user’s access to their data in the instructions that follow. Even so, we recommend you start with a new user until you've configured and tested your setup.

First, we’ll add a test user:

sudo adduser sammy

Assign a password when prompted and feel free to press "ENTER" through the other prompts.

FTP is generally more secure when users are restricted to a specific directory.
vsftpd accomplishes this with chroot jails.
When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also shell access.

In this example, rather than removing write privileges from the home directory, we're will create an ftp directory to serve as the chroot and a writable files directory to hold the actual files. Create the ftp folder, set its ownership, and be sure to remove write permissions with the following commands:

sudo mkdir /home/sammy/ftp

sudo chown nobody:nogroup /home/sammy/ftp

sudo chmod a-w /home/sammy/ftp

Let's verify the permissions:

sudo ls -la /home/sammy/ftp

total 8
4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
4 drwxr-xr-x 3 sammy sammy 4096 Aug 24 21:29 ..


Step 4 — Configuring FTP Access

We're planning to allow a single user with a local shell account to connect with FTP. The two key settings for this are already set in vsftpd.conf. Start by opening the config file to verify that the settings in your configuration match those below:

sudo vi /etc/vsftpd.conf


. . .
# Allow anonymous FTP? (Disabled by default).
# Uncomment this to allow local users to log in.
. . .

Next we'll need to change some values in the file. In order to allow the user to upload files, we’ll uncomment the write_enable setting so that we have:

. . .
. . .

We’ll also uncomment the chroot to prevent the FTP-connected user from accessing any files or commands outside the directory tree.

. . .
. . .

We’ll add a user_sub_token in order to insert the username in our local_root directory path so our configuration will work for this user and any future users that might be added.

bypass the writable check in the vsftpd config file by running the following two commands:

sudo vi /etc/vsftpd/vsftpd.conf

add allow_writeable_chroot=YES to the file , save and exit by :wq

restart the ftp server

systemctl restart vsftpd

then go to the filezila .. click on site manager and add the crdentials

.. also set File > Site Manager > Select your site > Transfer Settings > Active