RSS

Category Archives: FTP

How to setup FTP server on ubuntu 14.04 ( VSFTPD )

FTP is used to transfer files from one host to another over TCP network. This article explains how to setup FTP server on ubuntu 14.04 .
There are 3 popular FTP server packages available PureFTPD, VsFTPD and ProFTPD. Here i’ve used VsFTPD which is lightweight and less Vulnerability.

Setup FTP server on Ubuntu 14.04

Step 1 » Update repositories .
krizna@leela:~$ sudo apt-get update
Step 2 » Install VsFTPD package using the below command.
krizna@leela:~$ sudo apt-get install vsftpd
Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.
Uncomment the below lines (line no:29 and 33).
write_enable=YES
local_umask=022
» Uncomment the below line (line no: 120 ) to prevent access to the other folders outside the Home directory.
chroot_local_user=YESand add the following line at the end.
allow_writeable_chroot=YES» Add the following lines to enable passive mode.
pasv_enable=Yes
pasv_max_port=40000
pasv_min_port=40100

Step 4 » Restart vsftpd service using the below command.
krizna@leela:~$ sudo service vsftpd restart
Step 5 » Now ftp server will listen on port 21. Create user with the below command.Use /usr/sbin/nologin shell to prevent access to the bash shell for the ftp users .
krizna@leela:~$ sudo useradd -m john -s /usr/sbin/nologin
krizna@leela:~$ sudo passwd john

Step 6 » Allow login access for nologin shell . Open /etc/shells and add the following line at the end.
/usr/sbin/nologin
Now try to connect this ftp server with the username on port 21 using winscp orfilezilla client and make sure that user cannot access the other folders outside the home directory.
setup FTP server ubuntu 14.04
Please note using ftp on port 21 is a big security risk . it’s highly recommended to use SFTP. Please continue for SFTP configuration

Securing FTP ( SFTP )

SFTP is called as “Secure FTP” which generally use SSH File Transfer Protocol . so we need openssh-server package installed , Issue the below command if it’s not already installed.
krizna@leela:~$ sudo apt-get install openssh-server
Step 7 » Again open /etc/vsftpd.conf file and add the below line to enable ssl.
ssl_enable=Yes
Step 8 » Create a new group ftpaccess for FTP users.
krizna@leela:~$ sudo groupadd ftpaccess
Step 9 » Now make changes in this /etc/ssh/sshd_config file.
» Find the below line
Subsystem sftp /usr/lib/openssh/sftp-serverand replace with
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
» and comment the below line ( Last line).
#UsePAM yes
Step 10 » Restart both VsFTPD and sshd service.
krizna@leela:~$ sudo service vsftpd restart
krizna@leela:~$ sudo service ssh restart

Step 11 » The below steps must be followed while creating Users for sftp access.
Create user john with ftpaccess group and /usr/bin/nologin shell.
krizna@leela:~$ sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin
krizna@leela:~$ sudo passwd john
Change ownership for the home directory.
krizna@leela:~$ sudo chown root /home/johnCreate a folder inside home directory for writing and change ownership for that folder.
krizna@leela:~$ sudo mkdir /home/john/www
krizna@leela:~$ sudo chown john:ftpaccess /home/john/www

Now try to connect server using SFTP ( port : 22 ) and makesure Users can upload files to www directory and cannot access other folders outside home directory.setup FTP server ubuntu 14.04
All the best.

 

** Change FTP root directory to /var/www

Method 1#

By changing User’s Home directory

Make sure following line exists

chroot_local_user=YES

Set User HOME Directory to /var/www/ , if you want to change for existing user then you can use :

usermod --home /var/www/ username

then set required permission on /var/www/

Method 2#

If you don’t want to change user’s Home directory then you can use:

chroot_local_user=YES
local_root=/ftphome/$USER
user_sub_token=$USER

About user_sub_token:

Automatically generate a home directory for each virtual user, based on a template. For example, if the home directory of the real user specified via guest_username is /ftphome/$USER, and user_sub_token is set to $USER, then when virtual user test logs in, he will end up (usually chroot()’ed) in the directory /ftphome/test. This option also takes affect if local_root contains user_sub_token.

Create directory and setting up permission :

mkdir -p /ftphome/{test,user1,user2}

chmod 770 -R /ftphome
chown -R ftp. /ftphome
usermod -G ftp test

Once restart vsftpd and test your setup.

Sample success output:

[root@mail tmp]# ftp localhost
Connected to mail.linuxian.local.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mput vhosts
mput vhosts? 
227 Entering Passive Mode (127,0,0,1,146,41)
150 Ok to send data.
226 File receive OK.
24 bytes sent in 3.3e-05 seconds (7.1e+02 Kbytes/s)
ftp> ls -rlt
227 Entering Passive Mode (127,0,0,1,97,90)
150 Here comes the directory listing.
-rw-r--r--    1 787      787            24 Oct 11 19:57 vhosts
226 Directory send OK.
ftp> 221 Goodbye.

 

Copy from: http://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/ and http://unix.stackexchange.com/questions/94603/vsftpd-limit-ftp-access-only-to-var-www

Advertisements
 
Leave a comment

Posted by on October 22, 2014 in FTP, Ubuntu