VSFTPD Installation & Setup on Ubuntu
by rosenred in Circuits > Linux
This instructable documents the steps I took in order to properly install and set up VSFTPD (an FTP server) on an Ubuntu Linux distribution, using the command line only. That's right, no GUI! Before I begin, I would like to say that it is my first one, so I would welcome any comments and criticism.
The first question one will have to answer before venturing forth is this: "Do I really need an FTP server?" In theory, FTP is useful in the following two cases:
a. You have content you wish to share with the outside world
b. You need to provide people with a way to send you large files.
My case was a bit different though... The whole thing started when I came across a VIA EPIA ML motherboard and decided to use it as a low consumption download station that would stay on 24/7. The fact that its CPU is only 667MHz and its overall performance is not that high made Linux (console only) practically the only choice. Now, since I had at my disposal a machine that would be always on, I figured I could also use it as a means to transfer files from anywhere to my home.
I know that there are other ways to do that and one could argue that they are easier/better. In fact, I normally use Dropbox for my file transferring needs and to tell you the truth I am quite happy with it. The problem is that Dropbox has a limit of 2,5GB for the free users and other file hosting services have even less than that. With your own private FTP server, the only limit is the size of your disk and the time it will take for the transfer to finish.
If you really insist, I will admit that for most people (myself included) it has no real value other than learning a couple of things and bragging to your friends about your mad computer skills, but still, some others might find it useful. So read on!
Background Info
Why VSFTPD?
VSFTPD stands for Very Secure FTP Daemon, so I guess this one is pretty obvious, right? Honestly, I am in no position to verify whether it is indeed the most secure FTP server out there, but what I can tell you is that it is lightweight, it has very decent features and most importantly works problem free. Please note that there is a good chance you already have it, depending on your distribution and the kind of installation you performed. In such a case, you obviously do not need to re-install it.
Why Ubuntu?
Technically, it's not Ubuntu I have installed on my machine, but PepperMint. PepperMint is a light version of Mint Linux, which is in turn based on Ubuntu. The only reason I chose Ubuntu is because that's what I've used in the past and am more familiar with. If you are using a different flavor of Linux, you shouldn't have any problem following this instructable. I will try to highlight all the parts where you need to change something.
Prerequisites
If you've read this far, I presume that you use your computer for more than FarmVille. You obviously need to have a Linux machine available. If you are looking for a Windows based solution I would recommend FileZilla, which is easy to set up and maintain. Other than that, the only thing you are going to need is internet access on the machine you are going to use. You could choose to set up the FTP server for internal use only, but in that case you will have to manually download and install the required packages.
Disclaimer
The best practice in setting up an FTP server (security wise) is allowing only anonymous access, downloads only. Not even the system administrator should be able to upload something on the server. The content should be put in the FTP directory using other methods. In theory, what I am about to show you here compromises your system's security, since I will be creating a user that has upload privileges. Although I have taken extra precautions to make it as secure as possible, if you are paranoid about security, please do not follow these instructions.
Installation
Software in Linux comes in what we call packages. I will not go into much detail about that here; there are countless places to go and do some reading. However, if there is something you don't understand, or something you need help with, drop a question and I will do my best to answer.
For this step you need internet access. If you are setting up a machine to be used within your LAN only, you will have to use another machine that has access, download and install the packages manually.
On a terminal (the console - command line) type the following:
sudo apt-get install vsftpd
It will then ask you for your password. Type it and it will connect to the internet and search for the package you told it to. After a while, it will tell you what exactly it intends to install and wait for your confirmation. Press Y on your keyboard and wait for the installation to finish.
Congratulations! You've installed VSFTPD.
In case you are using another distribution, the above command will probably have to be adjusted. For example, in Gentoo Linux the equivalent of apt-get is emerge, in SUSE you use the zypper command, and so on. You will probably want to find out how to execute commands with root privileges in your own distribution, since sudo might not exist.
Create the FTP Users.
I already said that the most secure configuration of an FTP server would be allowing only anonymous access without write privileges. We are going to deviate from this. We are going to create two users, one that will be able only to download and another that will act as administrator, i.e. with uploading and downloading privileges. Note that these will be system users too, so we have to take some extra steps in order to make the whole thing more secure.
First you have to decide where you want your FTP folder to be. I chose /home/ftp. So in the terminal type:
sudo mkdir /home/ftp
Now, we need to add the users, but first let's make sure that the only thing the new users can do is log on to our FTP server. Whenever you create a new Linux user, you assign him a default shell he will be using. If you are not sure what I am talking about, take a minute to read a little bit on shells. Using your favorite editor, open the /etc/shells file and add a non-existent one. I named mine "dummy" as you can see in the picture below.
The plan is to add two FTP users, one that will have both write and read access and a simple user that will only be able to download files. This way, if you want to let a friend of yours download a file, you don't have to give him write access to your server.
Before you create the users, you must create a group to which they will belong. By default, Linux creates a user-group with the same name as the user, but we don't want that. So in a terminal type:
sudo groupadd ftp-users
And now we can add our users:
sudo useradd --home /home/ftp --gid ftp-users --shell /bin/dummy ftpadmin
sudo passwd ftpadmin
After you give a password for your user, you are done. Repeat the same process for the second user. I named mine ftpguest. You can choose whatever names you want. Try to log on to the system using either one of the new users you created. If you did everything right, you should not be able to log on.
We are almost done. We only need to give our users the right permissions to the FTP directory we created above. First, we change the owner of the directory from root to ftpadmin:
sudo chown -R ftpadmin /home/ftp
And then:
sudo chmod 755 /home/ftp
The outcome of these two commands is that the owner of the directory (ftpadmin) will have full access to the directory and the files within and the rest of the world only read access. Do an ls -l and you should see something like the third picture (which also shows me forgetting the proper switch to the ls command :P ).
You can read more on file permissions here.
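Why the dummy shell has to be listed in /etc/shells and yet not exist, as an added check that is not part of the original instructable: on Ubuntu the packaged PAM configuration for vsftpd uses pam_shells, which refuses a user whose shell is not listed, while a listed shell that is a real program would allow an interactive login. The function names, sample accounts and temporary files are constructed for illustration; ftp-users and /bin/dummy are the names used above.

```shell
#!/bin/sh
# audit_ftp_account USER [PASSWD] [SHELLS] [GROUP]
# Prints one finding per line, or "ok" when the account matches the design.
audit_ftp_account() {
    passwd=${2:-/etc/passwd} shells=${3:-/etc/shells} group=${4:-/etc/group}
    entry=$(grep "^$1:" "$passwd") || { echo "no such user"; return 0; }
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    found=0
    # pam_shells only compares the shell against the list; unlisted = refused
    grep -qxF -- "$shell" "$shells" ||
        { echo "shell not listed: FTP login refused by pam_shells"; found=1; }
    # a listed shell that really exists would give an interactive login
    if [ -x "$shell" ]; then
        echo "shell is a real program: interactive login possible"; found=1
    fi
    # useradd --groups only adds a supplementary group; the design wants
    # ftp-users to be the primary group (field 4 of the passwd entry)
    pgroup=$(awk -F: -v g="$gid" '$3 == g { print $1 }' "$group")
    [ "$pgroup" = ftp-users ] ||
        { echo "primary group is ${pgroup:-gid $gid}, not ftp-users"; found=1; }
    [ "$found" -ne 0 ] || echo ok
}

# make_accounts DIR: constructed passwd/shells/group files for the demo
make_accounts() {
    printf '%s\n' /bin/sh /bin/dummy > "$1/shells"
    printf '%s\n' 'ftp-users:x:1001:' 'ftpguest:x:1003:' > "$1/group"
    printf '%s\n' \
        'ftpadmin:x:1001:1001::/home/ftp:/bin/dummy' \
        'ftpguest:x:1002:1003::/home/ftp:/bin/sh' \
        'ftpold:x:1004:1001::/home/ftp:/bin/nothere' > "$1/passwd"
}

d=$(mktemp -d) && make_accounts "$d"
for u in ftpadmin ftpguest ftpold; do
    echo "== $u"; audit_ftp_account "$u" "$d/passwd" "$d/shells" "$d/group"
done
rm -rf "$d"
```

On a real system, call audit_ftp_account ftpadmin with no file arguments to read /etc/passwd, /etc/shells and /etc/group.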
Edit the Config File
Unlike Windows, Linux does not have a registry file. Personally, I believe that this is a blessing, since there is no such thing as the registry becoming too big, which means your system becomes slower and unstable. Every program has its own file(s) that contain configuration options. In this step, we will make some tweaks to VSFTPD's configuration file.
I think it's obvious, but I have to point out that before we start playing around with it, we first need to make a copy, in case something goes wrong. If you find yourself messing with config files frequently, it is not a bad idea to make a directory where you store backups of all those files. Supposing this directory is /home/cfgbackup, type the following command in the terminal:
sudo cp /etc/vsftpd.conf /home/cfgbackup
Now, use your favorite editor (as you might have noticed, I prefer nano) to open vsftpd.conf.
There are unbelievably many settings for you to play with; I will only point out the changes I made.
First of all, locate the line that says anonymous_enable and make sure it's anonymous_enable=NO. Note here that lines starting with # are comments, so when you remove the #, you activate these lines (this is called uncommenting).
Locate the line that says local_enable and change it to local_enable=YES. Do the same with write_enable. So far, you have forbidden access to your server from anonymous users and you allow only system users to log in. According to the config file, every user has write permission but we have dealt with this in the previous step, remember?
The next step is to contain our FTP users to their home directory. This method is known as "Root jail" and it uses the chroot command. Check the picture below and change your own file accordingly. The next two lines were added by me, so don't try to find them in your own file (at least they did not exist in mine). Add them to allow only a list of users to log on to your server. Please note that we declared a filename here, vsftpd.chroot_list, and we now have to create that file since it does not exist. Create it and add the two users you created, each on its own line. Create another file named vsftpd.user_list and add these two users in there too. Both of the files should be in the /etc directory.
Type in a terminal:
sudo service vsftpd restart
The new settings will take effect and your new FTP Server is ready to go!
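The picture with the chroot and user-list lines is not reproduced here, so the following added example (not the author's file) assumes the standard vsftpd.conf options chroot_local_user, chroot_list_enable, chroot_list_file, userlist_enable, userlist_deny and userlist_file, and evaluates them for a given user. It shows the main pitfall of this setup: with chroot_local_user=YES the chroot list becomes a list of users who are not jailed. Function names and sample files are constructed, and only the YES/NO spelling used above is handled.

```shell
#!/bin/sh
# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}
# in_list FILE USER: true if USER has a line of its own in FILE
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# ftp_login_allowed CONF USER: prints allowed or denied
ftp_login_allowed() {
    [ "$(conf_get "$1" local_enable NO)" = YES ] || { echo denied; return; }
    if [ "$(conf_get "$1" userlist_enable NO)" = YES ]; then
        list=$(conf_get "$1" userlist_file /etc/vsftpd.user_list)
        in_list "$list" "$2" && hit=yes || hit=no
        # userlist_deny=YES (the default) makes the file a deny list,
        # userlist_deny=NO makes it the list of the only users allowed in
        case "$(conf_get "$1" userlist_deny YES):$hit" in
            YES:yes|NO:no) echo denied; return ;;
        esac
    fi
    echo allowed
}

# ftp_user_jailed CONF USER: prints jailed or free
ftp_user_jailed() {
    listed=no
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ]; then
        list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
        in_list "$list" "$2" && listed=yes || listed=no
    fi
    # chroot_local_user=YES inverts the list: listed users are exempt
    case "$(conf_get "$1" chroot_local_user NO):$listed" in
        YES:no|NO:yes) echo jailed ;;
        *) echo free ;;
    esac
}

# make_sample DIR: constructed config and list files for the demo
make_sample() {
    printf '%s\n' ftpadmin ftpguest > "$1/chroot_list"
    printf '%s\n' ftpadmin ftpguest > "$1/user_list"
    cat > "$1/vsftpd.conf" <<EOF
# constructed sample, not the author's file
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
userlist_enable=YES
userlist_deny=NO
userlist_file=$1/user_list
EOF
}

d=$(mktemp -d) && make_sample "$d"
for u in ftpadmin ftpguest someuser; do
    echo "$u: $(ftp_login_allowed "$d/vsftpd.conf" "$u"), $(ftp_user_jailed "$d/vsftpd.conf" "$u")"
done
rm -rf "$d"
```

vsftpd 2.3.5 and later also refuse to log a jailed user into a chroot directory that the user can write to, which matters here because /home/ftp is owned by ftpadmin.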
Epilogue
You have successfully set up your very own FTP server. It is as secure as it gets (considering our requirements of course) and it allows you to transfer files from anywhere in the world, share files with your friends and get closer to the dreaded Linux terminal.
For those of you who saw the warning in the config file about the "implications" of chroot, let me tell you that no matter how hard I searched the only thing I found was "If somebody knows what he's doing, he might be able to bypass it" but nothing more specific. I already told you that we were going to deviate from the recommended use of FTP security wise, so this was one of the risks I was willing to take.
The only part I did not cover in this instructable is how to access your server from the outside world, but that's basically forwarding port 22 (or the one you selected in the config file) from your router and maybe setting up a dynamic DNS account, if you don't have a static IP address. I am sure that there are tons of tutorials out there on how to do this, so I did not include such instructions here.
I hope you liked my instructable, I hope even more that you found it useful and I would like to hear opinions on how it could be improved, being my first one and all. Thank you all for reading!