Open in app

Sign in

Write

Sign in

FTP on a VPS

Emanuel Baran
2 min readJun 22, 2016

You have a DigitalOcean droplet or a VPS from another service and you need to create a FTP account/s?

It’s actually easier than you think.

In my case, I needed to give someone FTP access to a DO droplet where we had many Wordpress installs running.

So having a FTP account to give access to only a specific folder is really important, so after some digging, here’s a solution that worked off the bat;

(I will assume you are a system admin/have root access to the VPS)

Installing vsftpd

Login through your favorite console and install vsftpd:

sudo apt-get install vsftpd

After the install is finished, we need to edit some options in the configuration

sudo nano /etc/vsftpd.conf

Next up, find these lines and modify them accordingly, and make sure they are uncommented (remove the hashtag before the line in case it’s there)

anonymous_enable=NO 
local_umask=022 
chroot_local_user=YES
write_enable=YES 
local_enable=YES

To overview what we just did:

We do not want anonymous login on our server (most cases) anonymous_enable=NO

The local_umask=022 is slightly more complicated to explain and goes out of the scope of this article, but you can read more here. It’s the permissions level

With chroot_local_user we link (or jail) the user into a specific folder after login.

write_enable and local_enable are important for actually being able to write and access files. They should be set to YES

The full documentation for all the commmands can be found here.

The final edit in the config is to add this at the end of the file:

force_dot_files=YES

With this you can see files that start with a dot, like the .htaccess

Create a user

You should (must) have a dedicated user for that specific FTP account, so let’s do that quick:

sudo adduser <username>

You’ll be prompted with adding a password and some extra information. I suggest always creating a complex password. I personally use Dashlane’s Chrome plugin to generate a complex password. The other fields can be left empty.

Finishing up

There are 3 more steps left:

Tell which folder gets assigned to which user.

sudo usermod -m -d /var/www/example.com <username>

Of course, your folder will be different than example.com and your username will be the one you previously created.

Make sure the permissions are set:

sudo chmod a-w /var/www/example.com

And give the vsftpd a restart

sudo service vsftpd restart

That’s it! Now you should do a quick test and fire up FileZilla and do a test.

On login you should have access only to the specified folder, as in our example.com.

Let me know if it helped or something didn’t work!

Security
Vps
Ftp
System Administration
Coding

--

--

Emanuel Baran

Written by Emanuel Baran

99 Followers

Human v3.3. Frontend developer & web designer with a soft spot for games

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams