Step 1 - Install vsftpd
The first step is to install vsftpd.
$ sudo apt update
$ sudo apt install vsftpd
Next, we need to back up the original configuration file so that we can start with a fresh configuration.
$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Step 3 - Configuring vsftpd
We will now go over some important settings in order for vsftpd to work.
Begin by opening the configuration file.
$ sudo nano /etc/vsftpd.conf
1. FTP Access
In this tutorial, we will allow FTP access only to local users and disable anonymous access. To do this, make sure the following lines exist, are not commented out, and are set as follows.
anonymous_enable=NO
local_enable=YES
2. Enabling File Uploads
The single most important purpose of FTP here is to be able to write to the server. To enable file uploads, uncomment the following line by removing the # in front of it.
write_enable=YES
3. Chroot Jail
FTP works best when a user is restricted to a certain directory. vsftpd achieves that by using chroot jails. When chroot is enabled for local users, they are restricted to their home directories by default. To achieve this, uncomment the following line.
chroot_local_user=YES
As a security measure, chroot will not work when enabled as long as the directory users are restricted to is writable by them.
To get around this limitation, we have two methods to allow file uploads when chroot is enabled.
- Method 1 - This method works by using a different directory for FTP uploads. For this tutorial, we will create an ftp directory inside the user's home to serve as the chroot and a second, writable directory named upload for uploading the files. To achieve this, add the following lines at the bottom of the file.
user_sub_token=$USER
local_root=/home/$USER/ftp
- Method 2 - The second method is to simply grant write access to the home directory as a whole, which turns off the writable-root restriction described above. Add the following line to achieve this.
allow_writeable_chroot=YES
4. Restricting Users
To allow only certain users to log in to the FTP server, add the following lines at the bottom.
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
With this option enabled, we need to specify which users should be allowed to use FTP and add their usernames in the /etc/vsftpd.userlist file.
Restart vsftpd to enable the configuration.
$ sudo systemctl restart vsftpd
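A way to check the finished file against the settings chosen in this step, as an added example that is not part of the original tutorial: the script reads a vsftpd.conf, falls back to vsftpd's built-in defaults for any option that is missing or still commented out, and reports where the result differs. The function names and the sample file are constructed for illustration, and it assumes that the last occurrence of a repeated option wins.

```shell
# get_opt FILE KEY DEFAULT: print the effective value of KEY in FILE.
# Commented-out lines never match. If KEY is absent, DEFAULT is printed;
# callers pass the built-in default from the vsftpd.conf man page.
# Assumption: when a key is repeated, the last occurrence wins.
get_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# expect FILE KEY DEFAULT WANTED: print a FAIL line unless KEY is WANTED.
expect() {
    got=$(get_opt "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL $2=$got (tutorial expects $4)"
    return 1
}

# audit_vsftpd_conf FILE: print findings; return 0 only if there is no FAIL.
audit_vsftpd_conf() {
    rc=0
    expect "$1" anonymous_enable  YES NO  || rc=1
    expect "$1" local_enable      NO  YES || rc=1
    expect "$1" write_enable      NO  YES || rc=1
    expect "$1" chroot_local_user NO  YES || rc=1
    expect "$1" userlist_enable   NO  YES || rc=1
    expect "$1" userlist_deny     YES NO  || rc=1
    # Method 2 is a choice the tutorial offers, so it is a warning only.
    if [ "$(get_opt "$1" allow_writeable_chroot NO)" = YES ]; then
        echo "WARN allow_writeable_chroot=YES (writable chroot root allowed)"
    fi
    return "$rc"
}

# Constructed sample: the tutorial's edits applied only in part.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#anonymous_enable=NO
local_enable=YES
#write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
EOF
audit_vsftpd_conf "$sample" || echo "audit found problems"
```

On the sample, the missing userlist_deny line is the finding to notice: with userlist_enable=YES alone, the default userlist_deny=YES turns the user list into a deny list. To audit a real server, call audit_vsftpd_conf /etc/vsftpd.conf instead.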
Step 4 - Configuring User Directory
For the purpose of this tutorial, we will create a new user account for FTP transactions. If you already have a user account for this purpose, you can skip step 1. Also, if you had set allow_writeable_chroot=YES in the configuration file before, you can skip step 3.
Step 1 - Add a new user.
$ sudo adduser testuser
Set a strong password and skip through all the other prompts.
Step 2 - Add the user to the allowed FTP users list.
$ echo "testuser" | sudo tee -a /etc/vsftpd.userlist
Step 3 - Create FTP and Files Directory
This step applies only if you want one directory as the FTP root and a different one for uploading files, to get around the chroot jail limitation.
Create the FTP folder.
$ sudo mkdir /home/testuser/ftp
Set its ownership.
$ sudo chown nobody:nogroup /home/testuser/ftp
Remove the write permissions.
$ sudo chmod a-w /home/testuser/ftp
Verify the permissions before proceeding.
$ sudo ls -al /home/testuser/ftp
total 8
dr-xr-xr-x 2 nobody nogroup 4096 Jun 7 13:08 .
drwxr-xr-x 3 testuser testuser 4096 Jun 7 13:08 ..
Now let us create the actual writable directory for the files.
$ sudo mkdir /home/testuser/ftp/upload
$ sudo chown testuser:testuser /home/testuser/ftp/upload
Test the permissions.
$ sudo ls -al /home/testuser/ftp
total 12
dr-xr-xr-x 3 nobody nogroup 4096 Jun 7 13:10 .
drwxr-xr-x 3 testuser testuser 4096 Jun 7 13:08 ..
drwxr-xr-x 2 testuser testuser 4096 Jun 7 13:10 upload
Finally, let's add a test.txt file to use for testing.
$ echo "vsftpd test file" | sudo tee /home/testuser/ftp/upload/test.txt