FTP is used to transfer files from one host to another over a TCP network. There are 3 popular FTP server packages available: PureFTPD, VsFTPD and ProFTPD.
If you are logged in as a normal user, you have to use "sudo" before the command, only for the first time. If you are logged in as root, you can simply use the command without "sudo".
Step 1 » Update your repositories.
root@digidom:~# apt-get update
Step 2 » Install VsFTPD package using the below command.
root@digidom:~# apt-get install vsftpd
Step 3 » Check the vsftpd directories and file paths.
root@digidom:~# whereis vsftpd
vsftpd: /usr/sbin/vsftpd /etc/vsftpd.conf /usr/share/man/man8/vsftpd.8.gz
Step 4 » Back up the /etc/vsftpd.conf file.
root@digidom:~# cp /etc/vsftpd.conf /etc/vsftpd.conf.back
Step 5 » After installation, open the /etc/vsftpd.conf file and make changes as follows. The egrep command lists the active (uncommented, non-empty) lines so you can check the result.
root@digidom:~# vi /etc/vsftpd.conf
root@digidom:~# egrep -v '^#|^$' /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Step 6 » Restart the vsftpd service using the below command.
root@digidom:~# service vsftpd restart
Step 7 » Create an FTP user account.
root@digidom:~# sudo adduser ftpuser
Assign a password and feel free to press "ENTER" through the other prompts. Root ownership of the ftpuser's home directory is set in the optional setup further down.
Step 8 » Now try to connect to this FTP server with the username and password on port 21 using a WinSCP or FileZilla client.
The FTP connection works, but this default configuration is not secure: you can access all directories on the server through the FTP client.
Step 9 » Enable the chroot_local_user option to restrict users to their own home directories.
root@digidom:~# vi /etc/vsftpd.conf
chroot_local_user=YES
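Error : 500 OOPS: vsftpd: refusing to run with writable root inside chroot(). This error appears when the chroot directory (the user's home directory) is writable by the user. To allow a writable chroot, add the following option.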
root@digidom:~# vi /etc/vsftpd.conf
allow_writeable_chroot=YES
Note : If the option "allow_writeable_chroot" is enabled, there is no need to create a directory. If it is not enabled, we need to create a directory inside the user's home directory and set permissions. The optional setup keeps vsftpd's writable-root check in place, so it is the safer of the two.
Optional Setup : If allow_writeable_chroot=YES is not enabled
root@digidom:~# tail /etc/passwd | grep ftpuser
ftpuser:x:1000:1000:,,,:/home/ftpuser:/bin/bash
root@digidom:~# chown root:root /home/ftpuser/
root@digidom:~# mkdir /home/ftpuser/mailbox
root@digidom:~# chown ftpuser:ftpuser /home/ftpuser/mailbox/
root@digidom:~# ll -d /home/ftpuser/
drwxr-xr-x 3 root root 4096 Dec 17 04:27 /home/ftpuser/
root@digidom:~# ll /home/ftpuser/
drwxr-xr-x 2 ftpuser ftpuser 4096 Dec 17 04:27 mailbox/
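Added example, not part of the original tutorial: a small shell audit of the settings covered in the steps above. It reads a vsftpd.conf, applies vsftpd's built-in defaults to unset options, and warns about anonymous login, a missing chroot, a writable chroot and clear-text FTP. The function names are made up for this example, and ssl_enable is a standard vsftpd option that the listing in Step 5 does not set.

```shell
#!/bin/sh
# Added example (not from the original page): audit the vsftpd settings
# discussed above. Unset options are judged by vsftpd's built-in defaults.

# conf_on FILE KEY DEFAULT -> exit 0 if the boolean KEY is effectively on.
# vsftpd takes key=value with no spaces; YES/TRUE/1 (any case) mean on.
conf_on() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]')
    case "${val:-$3}" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd_conf FILE -> prints one WARN line per weak setting.
audit_vsftpd_conf() {
    conf_on "$1" anonymous_enable YES &&
        echo "WARN anonymous_enable: anonymous logins are allowed"
    if ! conf_on "$1" chroot_local_user NO; then
        echo "WARN chroot_local_user: users can browse outside their home"
    elif conf_on "$1" allow_writeable_chroot NO; then
        echo "WARN allow_writeable_chroot: the jail root itself is writable"
    fi
    conf_on "$1" ssl_enable NO ||
        echo "WARN ssl_enable: passwords and files cross the network in clear text"
    return 0
}

# jail_root_writable DIR UID -> exit 0 if UID can write to DIR through the
# owner or "other" permission bits (group membership is not examined).
jail_root_writable() {
    set -- "$1" "$2" $(ls -ldn "$1")   # $3 = mode string, $5 = numeric owner
    perms=$3 owner=$5
    case "$perms" in ????????w*) return 0 ;; esac
    [ "$owner" = "$2" ] && case "$perms" in ??w*) return 0 ;; esac
    return 1
}
```

After Step 9, run audit_vsftpd_conf /etc/vsftpd.conf and jail_root_writable /home/ftpuser "$(id -u ftpuser)"; with the optional setup applied, the second command should exit non-zero.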
That's it...
FTP is very complex to set up. Binfer is a more secure alternative. See Binfer as FTP alternative