QuickTip: Setting up a fully functional FTP server on Ubuntu

Valkyrie Studios
Jun 17, 2018 · 4 min read

A couple days ago we were migrating a legacy wordpress installation to a digitalocean one-click wordpress droplet. Afterwards we needed to adjust the system to allow FTP connections. Here’s a little rundown on how we adjusted the droplet for having a somewhat secure FTP setup.

Install vsftpd

Vsftpd is shorthand for Very Secure FTP Daemon and is a unix-based ftp server that prides itself on being insanely fast. It can be installed through most unix-based package managers such as apt (ubuntu), pacman (Arch), yum (Fedora, CentOS, Redhat), etc.

Since we’re running on ubuntu we’ll just execute the following command to install vsftpd.

Configure vsftpd

Open up the file at /etc/vsftpd.conf in your favorite text editor (vim, nano, …) and make sure the following lines are uncommented :

local_enable allows system-defined users in the /etc/passwd file to login through vsftpd.

write_enable allows changes to the filesystem through ftp, such as uploading.

ascii_upload_enable and ascii_download_enable tell vsftpd to disable ‘ascii mangling’ it’s a horrible feature of the ftp protocol that basically replaces line-endings regardless of whether or not the ftp server is running on a windows or unix machine. Take a look at the following redhat article for a more in-depth description and analysis of how vsftpd applies this.

chroot is shorthand for ‘change root’ and will basically enable an environment that prevents the user from leaving its home directory.

Add a new user

DigitalOcean doesn’t setup a ‘restricted’ user by default, since developers would only need FTP access to the wordpress folder we decided to setup a new user and set his home directory to that folder.

This will create a user named wordpress, you will be asked some basic questions and also be asked to setup a password for that user.

This will make sure the wordpress user is part of the www-data group.

Configure the wordpress user

Now we’ll setup the wordpress user to have an ‘ftp’-bound mountpoint between its home-directory and the wordpress folder.

Create an empty directory at /var/ftp/wordpress to be used as a mount point

Mount bind the /var/www/html folder ( default install location for wordpress ) onto /var/ftp/wordpress. this way when navigating to /var/ftp/wordpress, it will be the same as if you were going to /var/www/html.

Change the home directory of the wordpress user to be /var/ftp/wordpress

Last but not least

Last but not least we need to open up port 21 on our firewall to allow ftp traffic and restart vsftpd for the changes to take effect.

You can check if the port change went into effect by executing ufw show, which should output something like the following

21 : FTP, 22 : SSH, 80 : HTTP, 443 : HTTS

Afterwards execute the following to restart vsftpd and automatically start it on server boot.

Conclusion

You should now have a fully functioning FTP server with a user that is restricted to a single directory. There’s a lot more possibilities and configuration options for vsftpd, but this should get you started.

In case you do want to learn more, try checking out any of the following :

Valkyrie Studios

Written by

A web/digital agency focussing on delivering friendly and user-centered experiences that are hyper scalable. — www.valkyriestudios.be

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade