Explanation: Installing and configuring FTP under Ubuntu

Source: Internet
Author: User

FTP (File Transfer Protocol) is a relatively old and most commonly used standard network protocol for uploading and downloading files between two computers over a network. However, FTP is insecure by default, because it transmits data together with user credentials (user name and password) without encryption.

Warning: If you plan to use FTP, consider configuring the FTP connection with SSL/TLS. Otherwise, it is better to use a secure alternative such as SFTP.

In this tutorial, I'll show you how to install, configure, and protect an FTP server in Ubuntu (VSFTPD, whose full name is "Very Secure FTP Daemon"), which provides strong security against FTP vulnerabilities.

First step: Install the VSFTPD server in Ubuntu

First, we need to update the list of system installation packages and then install the VSFTPD binary package as follows:

$ sudo apt-get update
$ sudo apt-get install vsftpd

Once the installation is complete, the service is initially disabled. Therefore, we need to start the service manually and also enable it so that it starts automatically at the next boot:

------------- On SystemD -------------
# systemctl start vsftpd
# systemctl enable vsftpd
------------- On SysVinit -------------
# service vsftpd start
# chkconfig vsftpd on

Next, if the UFW firewall is enabled on the server (it is not enabled by default), you need to open ports 20 and 21, on which the FTP daemon listens, in order to allow access to the FTP service from remote machines. Add the new firewall rules like this:

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw status

Step Two: Configure and protect the VSFTPD server in Ubuntu

Let's do some configuration to set up and protect the FTP server. First, we create a backup of the original configuration file /etc/vsftpd.conf as follows:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Next, open the VSFTPD configuration file.

$ sudo vi /etc/vsftpd.conf
or
$ sudo nano /etc/vsftpd.conf

Add/change the following options to the displayed values:

# Comments must sit on their own line: vsftpd reads everything after "=" as the value.
# Turn off anonymous login
anonymous_enable=NO
# Allow local users to log in
local_enable=YES
# Enable FTP commands that can modify files
write_enable=YES
# umask value for files created by local users
local_umask=022
# Display a message when the user first enters a new directory
dirmessage_enable=YES
# Keep a log file with detailed upload and download information
xferlog_enable=YES
# Use port 20 (ftp-data) on the server for PORT-type connections
connect_from_port_20=YES
# Keep the standard log file format
xferlog_std_format=YES
# Prevent vsftpd from running in standalone mode
listen=NO
# vsftpd will listen on IPv6 instead of IPv4; set this according to your network
listen_ipv6=YES
# Name of the PAM service vsftpd will use
pam_service_name=vsftpd
# Allow vsftpd to load a list of user names
userlist_enable=YES
# Turn on TCP wrappers
tcp_wrappers=YES

Now, configure VSFTPD to allow or deny users access to FTP based on the user list file /etc/vsftpd.userlist.

Note that, by default, if the user list is enabled through userlist_enable=YES and userlist_deny=YES is set, then the users listed in the user list file /etc/vsftpd.userlist are not allowed to log in.

However, the option userlist_deny=no reverses the default setting, in which case only users who are explicitly listed in /etc/vsftpd.userlist are allowed to log on to the FTP server.

# vsftpd will load the user name list from the given user list file
userlist_enable=YES
# File that stores the list of user names
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Importantly, when users log in to the FTP server, they are placed in a chrooted environment: the local root directory, which acts as their home directory for the FTP session.

Next, let's take a look at two possible ways to set up the chrooted (local root) directory, as shown below.

At this point, let's add, modify or uncomment these two options to restrict FTP users to their home directories:

chroot_local_user=YES
allow_writeable_chroot=YES

The option chroot_local_user=yes means that local users will enter the chroot environment, which is their home directory by default when logged in.

Note that by default, for security reasons, VSFTPD does not allow the chroot directory to be writable. However, we can change this setting with the option allow_writeable_chroot=YES.

Save the file and close it. Now we need to restart the VSFTPD service so that the above changes take effect:

------------- On SystemD -------------
# systemctl restart vsftpd
------------- On SysVinit -------------
# service vsftpd restart
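An added check, not part of the original article: a shell function that audits a vsftpd.conf against the options set in this step and the two warnings on the page (writable chroot, no SSL/TLS). The names conf_get and audit_vsftpd_conf are hypothetical helpers, the sample file is constructed, and the defaults assumed for absent options are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# conf_get FILE KEY DEFAULT: effective value of KEY, upper-cased (assumes the
# last assignment wins), or DEFAULT when the option is absent.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = toupper(substr($0, length(k) + 2)) }
        END     { print (v == "" ? d : v) }' "$1"
}

# audit_vsftpd_conf FILE: print one finding per line, nothing when clean.
audit_vsftpd_conf() {
    conf=$1
    # vsftpd takes everything after "=" as the value, so a trailing comment breaks it.
    grep -nE '^[a-z_0-9]+=[^#]*[[:space:]]#' "$conf" |
        sed 's/^\([0-9]*\):\([^=]*\)=.*/line \1: inline comment after \2, move it to its own line/'
    [ "$(conf_get "$conf" anonymous_enable YES)" = NO ] ||
        echo "anonymous_enable is not NO: anonymous logins are accepted"
    if [ "$(conf_get "$conf" userlist_enable NO)" != YES ]; then
        echo "userlist_enable is not YES: the user list file is ignored"
    elif [ "$(conf_get "$conf" userlist_deny YES)" != NO ]; then
        echo "userlist_deny is not NO: the user list is a deny list, not an allow list"
    fi
    [ "$(conf_get "$conf" chroot_local_user NO)" = YES ] ||
        echo "chroot_local_user is not YES: local users are not confined to their home directory"
    [ "$(conf_get "$conf" allow_writeable_chroot NO)" != YES ] ||
        echo "allow_writeable_chroot=YES: the chroot directory may be writable"
    [ "$(conf_get "$conf" ssl_enable NO)" = YES ] ||
        echo "ssl_enable is not YES: credentials and data travel unencrypted"
}

# Constructed sample: the access-control options from this step, without TLS.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
chroot_local_user=YES
allow_writeable_chroot=YES
EOF
audit_vsftpd_conf "$sample"
```

On the sample it reports two findings, the writable chroot and the missing TLS; run it against /etc/vsftpd.conf to audit the real file.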

Step three: Test the VSFTP server on Ubuntu

Now, we'll test the FTP server by creating an FTP user with the useradd command shown below:

$ sudo useradd -m -c "Aaron Kili, contributor" -s /bin/bash aaronkilik
$ sudo passwd aaronkilik

Then we need to explicitly list the user aaronkilik in the file /etc/vsftpd.userlist using the echo command and the tee command as follows:

$ echo "aaronkilik" | sudo tee -a /etc/vsftpd.userlist
$ cat /etc/vsftpd.userlist

Now it's time to test whether the above configuration works as intended. We first test anonymous logins; the output below clearly shows that anonymous logins are not allowed on this FTP server:

# ftp 192.168.56.102
Connected to 192.168.56.102 (192.168.56.102).
Welcome to tecmint.com FTP service.
Name (192.168.56.102:aaronkilik): anonymous
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

Next, we test whether a user whose name is not in the file /etc/vsftpd.userlist is able to log in. The output below shows that this is not possible:

# ftp 192.168.56.102
Connected to 192.168.56.102 (192.168.56.102).
Welcome to tecmint.com FTP service.
Name (192.168.56.10:root): user1
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

We now run the last test, to determine whether a user who is listed in the file /etc/vsftpd.userlist is actually placed in their home directory after logging in. The output below shows that this is the case:

# ftp 192.168.56.102
Connected to 192.168.56.102 (192.168.56.102).
Welcome to tecmint.com FTP service.
Name (192.168.56.102:aaronkilik): aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

[Screenshot: Confirm FTP Login in Ubuntu]

Warning: Setting the option allow_writeable_chroot=YES is dangerous, especially if the user has upload privileges or shell access; security issues are likely to occur. Use this option only if you know exactly what you are doing.

We need to be aware that these security issues are not specific to VSFTPD: they affect every FTP daemon that lets local users enter a chroot environment.

For these reasons, in the next step, I will describe a more secure way to help users set up a non-writable local root directory.

Fourth step: Configure the Home directory of the FTP user in Ubuntu

Now, open the VSFTPD configuration file again.

$ sudo vi /etc/vsftpd.conf
or
$ sudo nano /etc/vsftpd.conf

Then use # to comment out the unsafe option like this:

#allow_writeable_chroot=YES

Next, create an alternate local root directory for the user (aaronkilik here; your user name will probably differ), and then remove write permission on this directory for all users:

$ sudo mkdir /home/aaronkilik/ftp
$ sudo chown nobody:nogroup /home/aaronkilik/ftp
$ sudo chmod a-w /home/aaronkilik/ftp

Then, create a directory with the appropriate permissions in the local root directory where the user will store the files:

$ sudo mkdir /home/aaronkilik/ftp/files
$ sudo chown -R aaronkilik:aaronkilik /home/aaronkilik/ftp/files
$ sudo chmod -R 0770 /home/aaronkilik/ftp/files/

After that, add/modify the following options in the VSFTPD configuration file to the corresponding values:

# Insert the user name into the local root directory
user_sub_token=$USER
# Define the local root directory for individual users
local_root=/home/$USER/ftp

Save the file and close it. Then restart the VSFTPD service to make the above settings effective:

------------- On SystemD -------------
# systemctl restart vsftpd
------------- On SysVinit -------------
# service vsftpd restart

Now, let's do a final check and make sure that the user's local root directory is the FTP directory we created in their home directory.

# ftp 192.168.56.102
Connected to 192.168.56.102 (192.168.56.102).
Welcome to tecmint.com FTP service.
Name (192.168.56.10:aaronkilik): aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

[Screenshot: FTP User Home Directory Login]
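An added check, not part of the original article, for the directory layout built in this step: the local root must have no write bits and must not belong to the FTP user, while the files directory inside it belongs to the user and is writable. check_ftp_root is a hypothetical helper name, and the demo layout is constructed in a temporary directory so it runs without root.

```shell
#!/bin/sh
# check_ftp_root DIR USER: print one finding per line, nothing when the
# layout matches the tutorial (read-only local root, user-owned files/).
check_ftp_root() {
    dir=$1 user=$2
    set -- $(ls -ld "$dir")                # $1 = mode string, $3 = owner
    case $1 in
        d?w*|d????w*|d???????w*)           # user, group or other write bit
            echo "$dir is writable ($1): run chmod a-w on it" ;;
    esac
    [ "$3" != "$user" ] ||
        echo "$dir is owned by $user: chown it to nobody:nogroup"
    if [ ! -d "$dir/files" ]; then
        echo "$dir/files is missing: the user has nowhere to upload"
        return 0
    fi
    set -- $(ls -ld "$dir/files")
    [ "$3" = "$user" ] ||
        echo "$dir/files is owned by $3, not $user"
    case $1 in
        d?w*) ;;                           # owner can write: uploads work
        *) echo "$dir/files is not writable by its owner ($1)" ;;
    esac
}

# Constructed demo layout: the current user stands in for the FTP account,
# so the only finding expected is the ownership of the local root.
demo=$(mktemp -d)
mkdir "$demo/files"
chmod a-w "$demo"
demo_user=$(ls -ld "$demo" | awk '{ print $3 }')
check_ftp_root "$demo" "$demo_user"
```

On the server from this tutorial the call would be check_ftp_root /home/aaronkilik/ftp aaronkilik, which prints nothing when the layout is correct.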

Original address:http://www.linuxprobe.com/ubuntu-ftp-service.html

This article is from the "blog" blog, please be sure to keep this source http://coderhsf.blog.51cto.com/12629645/1912772
