How to setup and configure an FTP server in Linux? - GeeksforGeeks (2024)

FTP (file transfer protocol) is an internet protocol that is used for transferring files between client and server over the internet or a computer network. It is similar to other internet protocols like SMTP, which is used for emails, and HTTP, which is used for websites. FTP server enables the functionality of transferring files between server and client. A client connects to the server with credentials and depending upon the permissions it has, it can either read files or upload files to the server as well. In this article, we will see how to set up an FTP server, configure user permissions, configure a firewall, and finally encrypt our FTP traffic with SSL.

How does the FTP server work?

The FTP server facilitates the transfer of files between the client and the server. You can either upload a file to a server or download a file from the server. A client makes two types of connection with the server, one for giving commands and one for transferring data. The client issues the command to the FTP server on port 21, which is the command port for FTP. For transferring data, a data port is used. There are two types of connection modes for transferring data:

  • Active mode: In Active mode, the client opens a port and waits for the server to connect to it to transfer data. The server uses port 20 to connect to the client for data transfer. Active mode is not set by default in most of the FTP clients because most firewalls block connections that are initiated from outside, in this case, the connection initiated by our FTP server. To use this, you have to configure your firewall.
  • Passive mode: In this, when a client requests a file from the server, the server opens a random port and tells the client to connect to that port. In this case, the connections are initiated by the client, which also solves the firewall issues. Most of the FTP clients use passive mode by default.

What is FTP Client?

An FTP (File Transfer Protocol) client is a software application used to transfer files between a local computer and a remote server over a network, typically the Internet. FTP clients are commonly used by web developers, system administrators, and other users who need to upload, download, or manage files on a remote server.

FTP clients provide a user-friendly interface for managing file transfers. They typically allow users to connect to FTP servers by entering the server’s hostname or IP address, along with a username and password for authentication. Once connected, users can navigate directories on the server, upload files from their local computer to the server, download files from the server to their local computer, and perform other file management tasks such as renaming, deleting, and creating directories.

FTP clients may also support additional features such as resuming interrupted transfers, scheduling transfers to occur at specific times, and encrypting data for secure transfers using protocols like FTPS (FTP over SSL/TLS) or SFTP (SSH File Transfer Protocol).

Overall, FTP clients are essential tools for efficiently managing file transfers between local and remote systems.

Step-by-step instructions for setting up and configuring an FTP server in Linux

First, SSH into your Linux virtual machine as a user who has sudo permissions and follow these steps:

Step 1: Install FTP server

There are many FTP servers to choose from like ProFTPD, vsftpd, etc. We will be using vsftpd.

Features of vsftpd FTP server:

vsftpd has a lot of features, which make it a great option as an FTP server. It

  • Supports SSL/TLS integration
  • Can jail users into their home directory with a feature called chroot. We will set this up later in this article.
  • Can limit bandwidth.
  • Supports virtual users
  • Supports virtual IP configuration
  • Supports IPv6

Type in the following command to install vsftpd

sudo apt install vsftpd

Now we will check if the vsftpd service is active or not. Type in

sudo systemctl status vsftpd

You can see under the Active heading that it’s active and running. systemctl command is used to manage and check services on Linux. We can also use this command to enable and disable services on Linux. If your vsftpd is not active, then type in

sudo systemctl enable --now vsftpd

The --now flag makes the enable command also start the service immediately, not only after a reboot.

Step 2: Configure Firewall

FTP uses port 20 for active mode, port 21 for commands, and a range of ports for passive mode. We need to open these ports in our firewall. If you do not use any firewall, you can skip this step. Most Linux systems use ufw to manage the firewall; however, some cloud service providers like Microsoft Azure have firewalls outside of the virtual machine, and you have to configure those from their portal. Whatever the case, open ports 20 and 21 for TCP connections and open a range of ports for passive FTP connections. The size of the passive range depends on how many concurrent clients you expect to have; a single client can also use multiple ports to transfer multiple files or a large file. We also need to tell our FTP server to use those ports, and we will see how to do that later in this tutorial. Ports up to 1024 are reserved, so our passive FTP port range should be higher than that. I’ll open ports 5000-10000. We will also open port 990 for TCP, which we will configure later. Let’s do it for ufw. Type in

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 5000:10000/tcp

Step 3: Configure Users

The two most common use cases of FTP servers are:

  • You want to host a public FTP server and a lot of public users are going to connect to your FTP server to download files.
  • You want to upload your files to your Linux server for personal use and you would not have public users.

In the first case, you would need to create an additional user and share its username and password with your clients to access the files. Everything else is the same for the second case.

The basic idea is that the admin user should be able to upload files to any folder of the machine, and the public user should be able to view and download files from a specific directory only. To make this happen, you should have a basic idea of user permissions. The root user has the permission to write files into any folder of the server, and any other user has access to every folder inside their home directory which is /home/username and most of the other directories are not writable by other users. So if you want to upload files to other directories outside of your admin user’s home directory, let’s say /var/www, then you would need to change the owner of this directory to your admin user with chown command, or change directory modification permissions with chmod command.

Let’s start by creating our public user account. Type in

sudo adduser ftpuser

Enter your password, leave other values empty, and at last, enter Y to save changes.

Now, for security purposes, we will disable ssh permission for this user. Type in

sudo nano /etc/ssh/sshd_config

Add the following line in this file

DenyUsers ftpuser

Press Ctrl + x then y then enter. Now, restart the SSH service so that these new settings take effect.

sudo systemctl restart sshd

Step 4: Create the FTP folder and set permissions

We will create our FTP folder. Type in

sudo mkdir /ftp

Now, we will change this directory’s owner to our admin user. Type in

sudo chown adminuser /ftp

If you want to upload files to any folder that is not owned by your admin user, you will have to change that folder’s owner using the above-mentioned command.

Step 5: Configure and secure vsftpd

Open the vsftpd configuration file. Type in

sudo nano /etc/vsftpd.conf

Make sure the following lines are uncommented

...
anonymous_enable=NO

local_enable=YES

write_enable=YES
...

Also, we opened ports 5000 to 10000 in step 2 for passive mode, so now we will let vsftpd know which ports to use for passive FTP connection. Add the following lines in vsftpd.conf file

pasv_min_port=5000
pasv_max_port=10000
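
To confirm that the server hands out data ports inside this range, the port can be read from the passive-mode reply line seen in a client log. The script below is an added example, not code from the article; the function names pasv_port and pasv_port_in_range are this example's own, the reply formats come from the FTP specifications (RFC 959 and RFC 2428), and the sample replies are constructed.

```shell
#!/bin/sh
# Added example, not part of the article: read the data port out of a
# passive-mode reply and check it against the configured range.

# Echo the port announced by a 227 (PASV) or 229 (EPSV) reply line.
# 227 ends in (h1,h2,h3,h4,p1,p2) with port = p1*256 + p2 (RFC 959);
# 229 ends in (|||port|) (RFC 2428). Any other line returns status 1.
pasv_port() (
    case $1 in
    227*)
        pp=$(printf '%s\n' "$1" | sed -n \
            's/.*(\([0-9]\{1,3\},\)\{4\}\([0-9]\{1,3\}\),\([0-9]\{1,3\}\)).*/\2 \3/p')
        [ -n "$pp" ] || return 1
        set -- $pp                      # $1 = p1, $2 = p2
        [ "$1" -le 255 ] && [ "$2" -le 255 ] || return 1
        expr "$1" \* 256 + "$2"
        ;;
    229*)
        p=$(printf '%s\n' "$1" | sed -n 's/.*(|||\([0-9]\{1,5\}\)|).*/\1/p')
        [ -n "$p" ] || return 1
        echo "$p"
        ;;
    *) return 1 ;;
    esac
)

# Status 0 if the reply's port is within [$2,$3], 1 if it is outside, 2 if
# the line is not a passive-mode reply. Use the same bounds as pasv_min_port,
# pasv_max_port and the firewall rule (5000 and 10000 in this article).
pasv_port_in_range() (
    port=$(pasv_port "$1") || return 2
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
)

# Demo on constructed reply lines (203.0.113.10 is a documentation address).
for line in '227 Entering Passive Mode (203,0,113,10,39,16).' \
            '227 Entering Passive Mode (203,0,113,10,195,80).' \
            '229 Entering Extended Passive Mode (|||5001|)'; do
    if pasv_port_in_range "$line" 5000 10000; then v=in-range; else v=outside-range; fi
    echo "$(pasv_port "$line") $v"
done
```

A port reported outside the range means the running server is not using the pasv_min_port and pasv_max_port values above, so the firewall rule from Step 2 will not cover its data connections.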

Now, we will specify the default directory for FTP connections which will open when someone connects to our FTP server. Add the following line

local_root=/ftp

Remember, do not put any space before and after = in this configuration file.

Locking user into the home directory

Now, for security reasons, we will lock the ftpuser into the default directory, because by default a user can browse the whole Linux server. vsftpd does this with chroot. Un-comment the following lines

...
chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list
...

Also, add the following line as it is not in the configuration file by default

allow_writeable_chroot=YES

The first line enables the chroot feature for local users, which includes our admin user and our ftpuser. The second and third lines enable a list file that lets us choose which users chroot applies to.

Setting file permission

local_umask=0002

This line will set the permissions of every new file to 664 (-rw-rw-r--) and of every new folder to 775 (drwxrwxr-x). With this, the ftpuser can only read and download files from every sub-directory of our FTP directory, but it does not have permission to upload anything to our FTP directory since it is not the owner.

Press Ctrl + x then y then enter. Now, we need to create that list file. Type in

sudo touch /etc/vsftpd.chroot_list
sudo nano /etc/vsftpd.chroot_list

Any user you list in this file will not be chroot-ed, so add your admin username to it because we do not want to lock that account in. Press Ctrl + x then y then enter. Now we need to restart our vsftpd server so that all these settings are applied. Type in

sudo systemctl restart vsftpd

Step 6: Securing vsftpd with SSL/TLS

It is recommended to encrypt FTP traffic if you want to use it over the internet. We will encrypt our traffic with FTPS (file transfer protocol over SSL). Let’s start by generating a self-signed certificate. Type in

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Enter all the required information and your certificate will be generated. You can also hit Enter if you want the default values to be used. Now, open the vsftpd configuration file. Type

sudo nano /etc/vsftpd.conf

Go to the end of the file and remove the following lines

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

ssl_enable=NO

And, paste the following lines

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the changes and finally, restart the vsftpd service by typing in

sudo systemctl restart vsftpd
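
The settings from Steps 5 and 6 can be checked mechanically whenever the file is edited. The script below is an added example, not code from the article; the names audit_vsftpd_conf, conf_get and EXPECTED are this example's own, the expected values are the ones used in this tutorial, and the demo config is constructed.

```shell
#!/bin/sh
# Added example, not part of the article: audit vsftpd.conf against Steps 5-6.

# Values the article sets, one key=value per line.
EXPECTED='anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
pasv_min_port=5000
pasv_max_port=10000
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO'

# Print the value of key $2 in file $1. Commented-out lines never match,
# and if a key repeats this script reports the last occurrence.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line for file $1; status 0 means no findings.
# A key that is absent counts as a finding: the audit wants it explicit.
audit_vsftpd_conf() (
    findings=0
    # Article's rule: no space around '='. Trailing blanks are flagged too.
    ws=$(grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]]|=.*[[:space:]]$)' "$1" || true)
    if [ -n "$ws" ]; then
        printf '%s\n' "$ws" | sed 's/^/WHITESPACE line /'
        findings=1
    fi
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_get "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
            findings=1
        fi
    done
    return "$findings"
)

# Demo on a constructed config (not taken from a real server).
demo=$(mktemp)
printf 'anonymous_enable=YES\nssl_enable = YES\n' > "$demo"
audit_vsftpd_conf "$demo" || echo "fix the findings above, then restart vsftpd"
rm -f "$demo"
```

On the server itself, run it as audit_vsftpd_conf /etc/vsftpd.conf with sudo if the file is not world-readable.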

Step 7: Connecting to our FTP server

To do this, you will need an FTP client. Again, there are a bunch of them to choose from. I’d suggest you go with FileZilla. Download and install it and then open it. Enter your server’s IP address in the Host field, then your username and password, and click connect and you are good to go.

On the left side, you will see your PC’s directories, and on the right, you will see the directories of your FTP server. You can drag and drop files to upload and download them between the FTP server and your device (client).

How to Use ftp Command in Linux

  • Open a Terminal: Launch a terminal window on your Linux system.
  • Connect to an FTP Server: Type ftp followed by the hostname or IP address of the FTP server, and press Enter.
ftp ftp.example.com
  • Login: Enter your username and password when prompted.
Name (ftp.example.com:yourusername): yourusername
Password: yourpassword
  • Navigate and Manage Files:
    • List Files: Use ls or dir to list files and directories on the server.
    • Change Directory: Use cd to change the directory on the server.
    • Upload Files: Use put followed by the file name to upload a file to the server.
    • Download Files: Use get followed by the file name to download a file from the server.

Example Session

ftp ftp.example.com
Name (ftp.example.com:yourusername): yourusername
Password: yourpassword
ftp> ls
ftp> cd directory_name
ftp> put localfile.txt
ftp> get remotefile.txt
ftp> bye

Linux ftp Command Syntax

You can also connect to your FTP server on the terminal and operate it with FTP commands. A list of a few of them is given below.

Command         Function
pwd             print the current working directory
cwd             change working directory
dele            delete the specified file
cdup            change to the parent directory
help            displays help information
cd              change the working directory
get filename    download the specified file
put filename    uploads the specified file
bye             end FTP session

ftp [-46pinegvd] [host [port]]
pftp [-46inegvd] [host [port]]

ftp is the user interface to the Internet standard File Transfer Protocol. The program lets a user transfer files to and from a remote network site.

Options may be provided to the command interpreter or at the command line.

  • -4 Use only IPv4 to contact any host.
  • -6 Use only IPv6.
  • -p Use passive mode for data transfers. This allows FTP to be used where a firewall prevents connections from the outside world back to the client system. It requires the FTP server to support the PASV command. This is the default if the client is invoked as pftp.
  • -i Turns off interactive prompting during multiple file transfers.
  • -n Prevents FTP from attempting “auto-login” on the initial connection. If auto-login is enabled, FTP checks the .netrc file (see netrc(5)) in the user’s home directory for an entry describing an account on the remote machine. If there is no entry, FTP prompts for the remote machine login name (by default, the user identity on the local system) and, if needed, a password and an account to use for login.
  • -e Disables command editing and history support if it was compiled into the FTP executable. Otherwise, it does nothing.
  • -g Disables file name globbing.
  • -v Verbose option: FTP shows all responses from the remote server along with data transfer statistics.
  • -d Enables debugging.

Setup and Configure an FTP server in Linux – FAQs

How to use FTP in Linux?

To use FTP in Linux, install an FTP client like FileZilla, and connect to an FTP server using the server’s hostname or IP address, username, and password. Alternatively, you can use the command-line FTP client by running ftp followed by the server’s hostname or IP address.

Does Linux have built in FTP?

Yes, Linux distributions often include the vsftpd (Very Secure FTP Daemon) package, which provides a built-in FTP server solution for file transfer needs.

How to check the ftp service in Linux?

To check the FTP service status in Linux, you can use the command systemctl status vsftpd.service.

What is FTP command list?

FTP command list includes commands like ls (list files), get (download file), put (upload file), cd (change directory), mkdir (make directory), delete (delete file), and quit (exit FTP session).

How to use FTP command?

To use the FTP command, simply open a terminal and type ftp, followed by the hostname or IP address of the FTP server. Then, enter your username and password when prompted to connect to the server and transfer files.



jivendrasah


Author: Maia Crooks Jr
