- Code: Select all
sudo apt-get install vsftpd
Now that you’ve installed vsftpd, follow this procedure to configure it.
- Code: Select all
sudo service vsftpd stop
Now edit the config file
- Code: Select all
nano /etc/vsftpd.conf
We don’t want anonymous login:
- Code: Select all
anonymous_enable=NO
Enable local users:
- Code: Select all
local_enable=YES
The ftpuser should be able to write data:
- Code: Select all
write_enable=YES
Chroot everyone:
- Code: Select all
chroot_local_user=YES
set umask to 022 to make sure that all the files (644) and folders (755) you upload get the proper permissions.
- Code: Select all
local_umask=022
Add this too, as linux has passive ftp and you want to access it outside the local network.
- Code: Select all
# My Config
pasv_enable=YES
pasv_addr_resolve=YES
#user ddns address
pasv_address=ueftptest.no-ip.org
#choose and range you like
pasv_min_port=4242
pasv_max_port=4252
# the list of users to give access
userlist_file=/etc/vsftpd.userlist
# this list is on
userlist_enable=YES
# It is not a list of users to deny ftp access
userlist_deny=NO
#one more
allow_writeable_chroot=YES
seccomp_sandbox=NO
Now that basic configuration is complete, now let us begin with locking / securing a directory to user.
- Code: Select all
sudo useradd -d /var/www/path/to/your/dir -s /usr/sbin/nologin ftpuser
Setup a password for the user:
- Code: Select all
sudo passwd ftpuser
In order to enable the ftpuser read and write the data in your home dir, change the permission and take ownership:
- Code: Select all
sudo chown -R ftpuser /var/www/path/to/your/dir
sudo chmod 775 /var/www/path/to/your/dir
Create userlist file and add the user:
- Code: Select all
sudo nano /etc/vsftpd.userlist
and add the user:
- Code: Select all
ftpuser
After completing all these procedures it is almost ready to use it, give it a try but you will get a 500 OOPS permission denied error. To fix it you need to add a nologin to the shell set.
- Code: Select all
sudo nano /etc/shells
Add this line at the end:
- Code: Select all
/usr/sbin/nologin
Now create a usergroup and add the ftpuser to it:
- Code: Select all
sudo addgroup ftpusers
sudo usermod -Gftpusers ftpuser
One final thing, to access from outside network and avoid : 530 login error do this
- Code: Select all
sudo nano /etc/pam.d/vsftpd
Comment the second line below :
- Code: Select all
# Standard behaviour for ftpd(8).
#auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers$
Now start the vsftpd:
- Code: Select all
service vsftpd start
That’s it. Now you have a secure installation of vsftpd on your server.
[ Only complete solution on Ultimate Edition Forum and this works because i tried it myself and put together the solutions for many errors. ]
Local Login :
Web Login :