*Last Update: 20230722*
---
*Abstract*
---
## Install vsftpd
```bash
sudo apt update && sudo apt install vsftpd
```
## Setting vsftpd Config File
File path: `/etc/vsftpd.conf`
1. Disable anonymous user
```bash!
anonymous_enable=NO
```
2. Enable local users
```bash!
local_enable=YES
```
3. Enable write permission
```bash!
write_enable=YES
```
4. Restrict directory changing for local users
```bash!
chroot_local_user=YES
# With chroot_list_enable=YES and chroot_local_user=NO (the default), vsftpd.chroot_list lists the users to chroot. With chroot_local_user=YES, it becomes the list of users NOT to chroot.
# Allow uploads if needed (here we create ~/ftp for file management).
user_sub_token=$USER
local_root=/home/$USER/ftp
## Alternative: chroot to the home directory itself (the user needs write permission on the home directory)
write_enable=YES
allow_writeable_chroot=YES
```
5. Set the port range for passive mode
```bash!
pasv_min_port=30000
pasv_max_port=31000
```
6. Restrict user login
```bash!
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
```
7. Securing transmission with SSL
:::info
If `vsftpd.user_list` is used while anonymous users are enabled, the user `anonymous` needs to be appended to `vsftpd.user_list` to allow anonymous login.
The anonymous user logs in to the default directory `/srv/ftp`, is restricted from shell access, and is confined by chroot.
:::
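
The script below is an added example, not part of the original note: it checks a `vsftpd.conf` against the values from steps 1 to 6 and flags the `allow_writeable_chroot=YES` alternative from step 4. The function names `conf_get` and `audit_vsftpd` are hypothetical, and it assumes that vsftpd uses the last occurrence of a repeated key.

```sh
#!/bin/sh
# Added example (not from the original note): audit a vsftpd.conf against
# the values set in steps 1-6.
# Assumption: if a key is repeated, the last occurrence is the effective one.

# conf_get FILE KEY: print the effective value of KEY (empty if unset).
# Only lines that start with "KEY=" match, so "#KEY=..." comments are ignored.
conf_get() {
    awk -v k="$2" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# audit_vsftpd FILE: print findings; exit status is the number of FAIL lines.
audit_vsftpd() {
    conf=$1
    fails=0
    # Values this note sets. vsftpd's built-in default is the opposite for
    # each of them, so an unset key is reported as a failure as well.
    for want in anonymous_enable=NO local_enable=YES chroot_local_user=YES \
                userlist_enable=YES userlist_deny=NO; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key=${got:-<unset>} (this note sets $want)"
            fails=$((fails + 1))
        fi
    done
    # Step 5 bounds the passive port range; flag it when missing or inverted.
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    range="$min-$max"
    case "$min:$max" in
        :*|*:|*[!0-9:]*) min=1; max=0 ;;   # unset or non-numeric: force FAIL
    esac
    if [ "$min" -lt 1 ] || [ "$min" -gt "$max" ]; then
        echo "FAIL passive port range '$range' is unset, unbounded or inverted"
        fails=$((fails + 1))
    fi
    # Step 4's alternative leaves the chroot root writable by the FTP user.
    if [ "$(conf_get "$conf" allow_writeable_chroot)" = "YES" ]; then
        echo "WARN allow_writeable_chroot=YES: prefer a read-only local_root"
    fi
    return "$fails"
}

# Run against a file when one is given, e.g.: sh audit.sh /etc/vsftpd.conf
if [ -n "${1:-}" ]; then audit_vsftpd "$1"; fi
```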
## Create FTP User
1. Add New User
```bash!
sudo adduser <user_name>
```
2. Add User to List
```bash!
echo "<user_name>" | sudo tee -a /etc/vsftpd.user_list
```
3. Create New Directory for FTP
```bash!
sudo mkdir -p /home/<user_name>/ftp/upload
sudo chmod 550 /home/<user_name>/ftp
sudo chmod 750 /home/<user_name>/ftp/upload
sudo chown -R <user_name>: /home/<user_name>/ftp
```
4. Change User Home Directory (Optional)
```bash!
sudo usermod -d /home/<user_name>/ftp <user_name>
```
## Restrict User Permission
### Disable Shell Access
1. Create a script that prints the restriction message
```bash!
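# Create the script that prints the message (printf instead of echo -e for portability; tee without -a so a re-run overwrites instead of appending)
printf '#!/bin/sh\necho "This account is limited to FTP access only."\n' | sudo tee /bin/ftponly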
# Make it executable
sudo chmod a+x /bin/ftponly
```
2. Append new shell to the list of valid shells
```bash!
echo "/bin/ftponly" | sudo tee -a /etc/shells
```
3. Change the user shell to ftponly
```bash!
sudo usermod -s /bin/ftponly <user_name>
```