Skip to main content

How to setup FTP server on ubuntu 14.04 ( VSFTPD )


FTP is used to transfer files from one host to another over TCP network. This article explains how to setup FTP server on ubuntu 14.04 .
There are 3 popular FTP server packages available PureFTPD, VsFTPD and ProFTPD. Here i’ve used VsFTPD which is lightweight and less Vulnerability.

Setup FTP server on Ubuntu 14.04

Step 1 » Update repositories .
krizna@leela:~$ sudo apt-get update
Step 2 » Install VsFTPD package using the below command.
krizna@leela:~$ sudo apt-get install vsftpd
Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.
Uncomment the below lines (line no:29 and 33).
write_enable=YES
local_umask=022
» Uncomment the below line (line no: 120 ) to prevent access to the other folders outside the Home directory.
chroot_local_user=YES and add the following line at the end.
allow_writeable_chroot=YES» Add the following lines to enable passive mode.
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Step 4 » Restart vsftpd service using the below command.
krizna@leela:~$ sudo service vsftpd restart
Step 5 » Now ftp server will listen on port 21. Create user with the below command.Use /usr/sbin/nologin shell to prevent access to the bash shell for the ftp users .
krizna@leela:~$ sudo useradd -m john -s /usr/sbin/nologin
krizna@leela:~$ sudo passwd john

Step 6 » Allow login access for nologin shell . Open /etc/shells and add the following line at the end.
/usr/sbin/nologin
Now try to connect this ftp server with the username on port 21 using winscp or filezilla client and make sure that user cannot access the other folders outside the home directory.
setup FTP server ubuntu 14.04
Please note using ftp on port 21 is a big security risk . it’s highly recommended to use SFTP. Please continue for SFTP configuration

Secure FTP ( SFTP )

SFTP is called as “Secure FTP” which generally use SSH File Transfer Protocol . so we need openssh-server package installed , Issue the below command if it’s not already installed.
krizna@leela:~$ sudo apt-get install openssh-server
Step 7 » Create a new group ftpaccess for FTP users.
krizna@leela:~$ sudo groupadd ftpaccess
Step 8 » Now make changes in this /etc/ssh/sshd_config file.
» Find and comment the below line
Subsystem sftp /usr/lib/openssh/sftp-server and Add these lines at the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Step 9 » Restart sshd service.
krizna@leela:~$ sudo service ssh restart
Step 10 » The below steps must be followed while creating Users for sftp access.
Create user john with ftpaccess group and /usr/bin/nologin shell.
krizna@leela:~$ sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin
krizna@leela:~$ sudo passwd john
Change ownership for the home directory.
krizna@leela:~$ sudo chown root /home/johnCreate a folder inside home directory for writing and change ownership of that folder.
krizna@leela:~$ sudo mkdir /home/john/www
krizna@leela:~$ sudo chown john:ftpaccess /home/john/www

Now try to connect server using SFTP ( port : 22 ) and makesure Users can upload files to www directory and cannot access other folders outside home directory.setup FTP server ubuntu 14.04
If you want use both FTP and SFTP together, please perform above steps ( Step 10 ) while creating users . For existing users, move them to ftpaccess group and create folder structure and ownership changes as below.
krizna@leela:~$ sudo usermod john -g ftpaccess -s /usr/sbin/nologin
krizna@leela:~$ sudo chown root /home/john
krizna@leela:~$ sudo mkdir /home/john/www
krizna@leela:~$ sudo chown john:ftpaccess /home/john/www

Now john can able to upload files to www folder using FTP as well as SFTP.

Also see :
» Setup FTP server on ubuntu 16.04
» Setup FTP server on centos 7
» Configure ftp server on centos 6

All the best.

  • Good one! Thanks to you created SFTP. Thank mate.

  • Good one! Thanks to you created SFTP. Thank mate.

  • ovicostea

    Thank you for this information. Very useful.

  • Thank you for this information. Very useful.

  • Eduardo D Jr Barrete

    hi how to config instead in the home/ it should be in /var/www directly after sftp login

    thanks

    • krizna

      Use -d while creating usernames
      sudo useradd -m -d /var/www/john john -g ftpaccess -s /usr/sbin/nologin

  • Eduardo D Jr Barrete

    hi how to config instead in the home/ it should be in /var/www directly after sftp login

    thanks

    • Use -d while creating usernames
      sudo useradd -m -d /var/www/john john -g ftpaccess -s /usr/sbin/nologin

  • Aasim Mistry

    HI, I have tried with a particular folder so on login the user is directly going to that folder but the user can go back to the root and go into any other folder and add delete files so the whole purpose of limited access to a particular folder is defeated. Any inputs will be highly apreciated

  • Aasim Mistry

    HI, I have tried with a particular folder so on login the user is directly going to that folder but the user can go back to the root and go into any other folder and add delete files so the whole purpose of limited access to a particular folder is defeated. Any inputs will be highly apreciated

  • Phil

    Hi, I’m getting a ‘553 Could not create file’ response. I’m using port 21 (for now). Any thoughts? Thanks

    • Phil

      Delete also fails (550 Delete operation failed). Guessing permissions?

  • Phil

    Hi, I’m getting a ‘553 Could not create file’ response. I’m using port 21 (for now). Any thoughts? Thanks

    • Phil

      Delete also fails (550 Delete operation failed). Guessing permissions?

  • Jim

    Hi, looks like the default config has changed since this was written, I don’t see the usePAM line, there’s pam_service and some rsa info

  • Jim

    Hi, looks like the default config has changed since this was written, I don’t see the usePAM line, there’s pam_service and some rsa info

  • Shahar

    Everything is working correctly!

    Thanks for this guide!

    However I suggest that you add a tiny commend on SFTP,

    ** If you already created the user john and the group ftpaccess you just simply have to put john inside ftpaccess

    sudo usermod -g ftpaccess john

    All the best

  • Shahar

    Everything is working correctly!

    Thanks for this guide!

    However I suggest that you add a tiny commend on SFTP,

    ** If you already created the user john and the group ftpaccess you just simply have to put john inside ftpaccess

    sudo usermod -g ftpaccess john

    All the best

  • Waqas Jamal

    I tried to follow this step by step on my AWS Ubuntu instance. But it didnt work. And now I am unable to login into my instance using my key pair. Any ideas? I tried to debug it using key pair permission issue but nothing worked so far

    • Jordan Baczuk

      Make sure you enable the ports on the instance security group settings (21) and (40000-41000).

  • Waqas Jamal

    I tried to follow this step by step on my AWS Ubuntu instance. But it didnt work. And now I am unable to login into my instance using my key pair. Any ideas? I tried to debug it using key pair permission issue but nothing worked so far. Even FTP doesnt work for the user I created. It gives me the error “Could not connect Server”

    • Make sure you enable the ports on the instance security group settings (21) and (40000-41000).

  • Jordan Baczuk

    It won’t work if your max port is lower than your min port. Change the passive ports in vsftpd.conf to:

    pasv_max_port=40000
    pasv_min_port=40100

  • It won’t work if your max port is lower than your min port. Change the passive ports in vsftpd.conf to:

    pasv_max_port=40100
    pasv_min_port=40000

    And you might need to enable these ports on your server’s firewall.

  • Dave Jennings

    Really helpful tutorial, cheers.

    One thing that bugged me after following your guide was that the Message of the Day was missing after SSHing onto my servers. This is due to commenting out the “UsePAM yes” within /etc/ssh/sshd_config.

    You can’t uncomment this as it is, as the config file will error and SSH won’t start. This option has to come before the Subsystem definition, so at Step 8, if you move the suggested changes to the bottom of the file and leave UsePAM as it is, things will work as expected and you’ll still get the MOTD displaying.

    I was setting this up on an AWS EC2 instance, so I had to add the following 2 lines to /etc/vsftpd.conf at Step 3.

    pasv_address=[public DNS from the EC2 instance]
    pasv_addr_resolve=Yes

    • Nicolas Challeil

      the Step-8-at-the-bottom was very useful, thanks 😉

  • Dave Jennings

    Really helpful tutorial, cheers.

    One thing that bugged me after following your guide was that the Message of the Day was missing after SSHing onto my servers. This is due to commenting out the “UsePAM yes” within /etc/ssh/sshd_config.

    You can’t uncomment this as it is, as the config file will error and SSH won’t start. This option has to come before the Subsystem definition, so at Step 8, if you move the suggested changes to the bottom of the file and leave UsePAM as it is, things will work as expected and you’ll still get the MOTD displaying.

    I was setting this up on an AWS EC2 instance, so I had to add the following 2 lines to /etc/vsftpd.conf at Step 3.

    pasv_address=[public DNS from the EC2 instance]
    pasv_addr_resolve=Yes

    • Nicolas Challeil

      the Step-8-at-the-bottom was very useful, thanks 😉

  • washaq

    hi,

    it didnot work on me, i start configuring from sftp, i did everything but whenever i try to connect it says Network Error: Computer refused connection. any idea?

    • Abderrahman Motrani

      same problem.

  • M0R3H4X

    Hi sir thnx Is Work Great
    I have problem with Port 80 Closed

  • Mike Dziedzic

    Wow! Thank you SIR! Your article provides an excellent guide for setting up an Ubuntu FTP/SFTP server.

  • Z1K Rider

    Be warned, if you do this, you will lose the ability to access your server via regular SSH for CLI access!

    • Ian Campbell

      Thank you – is there a way to reenable this? This article is like stepping on a landmine!

      • yabeweb

        Yeah .. i cannot connect wia SSH now… is there a way to fix it? read the comment a minute too late..

    • Rashid AlMasoudi

      Could you explain the reason please?

    • yabeweb

      Any fixer?

      • Gipfeli

        Same mistake here. Did you find a solution? Restart the server, maybe?

        • Jon

          You need to remove the user from the ftpaccess group and place them into another group. I placed my account back into the user group using:
          usermod -g users “user name”
          that should free you

    • Vaibhav

      Try using the “LESS SAFE” option of
      sudo usermod -a -G ftpaccess -s /bin/bash john
      instead of
      sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin

    • Mithos

      This happens, if you missed “Find and comment the below line”.

    • johnaber

      Yeah , IT WILL HAPPEN WHEN YOU MAKE CHANGES IN /etc/ssh/ssh_config INSTEAD OF /etc/ssh/sshd_config . I have done the same mistake in the beginning .

  • Marek Miklovič

    Hi, sorry if is my question stupid, I am new in Linux.

    I log as root in terminal (using “sudo -i”) and then I tried to modify “/etc/vsftpd.conf” but I only got message -bash: /etc/vsftpd.conf: Access denied …If I am root I would do anything, isn´t it?

    PS: sorry for my english too

    • Patricio De Nos

      sudo nautilis /etc/vsftpd.conf
      and open with you password

  • thanks a lot it works 110% perfect.guys please take not on the ” eth0 ” interface at the end of “route add default gw 192.168.1.1 eth0” step when assigning a temporary IP addresses cause if you don’t it wont work #thats the mistake that l was doing all along and l could connect to the net

  • Pingback: Shell script to install and configure SFTP server on Ubuntu is broken - DexPage()

  • Pingback: Заметки "АЙПИШНИКА" » How to setup FTP server on ubuntu 14.04 ( VSFTPD )()

  • Pingback: AWS | Pearltrees()

  • Aiu

    1. create snapshot / backup if youre using vps/remote server 😀

  • Pingback: AWS EC2에 vsftpd 설치 | Design Arete 디자인아레테()

  • Samuel Bodin

    Is it possible to create an SFTP user which can upload files to the “var/www/html” directory without accessing files and folders outside this directory?

    I’m new to this…

  • Pingback: Unix/Linux:Does vsftpd support plain FTP? – Unix Questions()

  • Pingback: Unix/Linux:Restrict SFTP users to different directories – Unix Questions()

  • Pingback: AWS connection error: Permission denied (publickey) – segmentfault()

  • t6

    why do we do chown and mkdir (Step 10) ? why not just let john own /home/john?

  • gangesh00

    Very useful for local development on Ubuntu.

    Thank you

  • Abderrahman Motrani

    After finishing all sftp steps:

    Server unexpectedly closed network connection
    Could not connect to server

    Edit: Problem solved.

    • przemm

      How did you solve it?

      • Abderrahman Motrani

        I missed this step:
        sudo chown root /home/john

  • Pingback: [ASK] server - SFTP chroot to /var/www stopped working | Some Piece of Information()

  • Pingback: Setup FTP server on centos 7 ( VSFTP )()

  • Karteek Paruchuri

    I tried the steps mentioned above to set up FTP server in my ubuntu laptop. However the filezilla test only works on my local PC. When I tried to access from outside my network using Filezilla, the connection doesn’t get established. What am I missing here?

  • Danger

    DO NOT FOLLOW THIS GUIDE. This is causing massive problems on my system. Good thing a took a Snapshot.

    • johnaber

      I didn’t see any problems here , I’ve followed the steps on ubuntu and debian6 hosted on digital ocean nearly 10 servers and works as expected . Can you explain what kinda problems you faced ?

  • Nano Montoya Oliveros

    Could not chdir to home directory /home/jhon: No such file or directory

    This service allows sftp connections only.

  • mohit

    Hi, I am able to view the /home/username folder via SFTP but I am unable to make any changes or transfer file. Can you please help?

  • sridharan

    I have setup an ftp server in ubuntu. I am having access to my ftpserver. What i need right now is i need to unzip files in my ftpserver using ssh connection. (there is unzip command in ssh). How can i do this in C program? Thanks in advance

  • diiey

    hii.. i already follow all the steps.. everything was fine, but after i give permission to sub folder /var/www/html using chown, i got error connection timed out and i can’t even access my server anymore.. anybody get same problem

  • Colby Richmond

    Dear tutorial makers. Please start providing any and all requirements along with keeping your shit up to date. Thanks very fucking much!

  • My users are comming in the map /var/www/

    But as user martinmeijer i can see the domain map of an other user…

    How can i make it work that users only see their maps and not from other users

    I hope you understand what i mean