Hello guys, In this article, we will see how we can enable the FTP server on Linux Virtual machine that is hosted on any cloud platform mainly Azure and AWS.
FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files. Many casual Internet users expect to download directly from their web browser with
https, and command-line users are more likely to use secure protocols such as the scp or sftp.
In this tutorial, we’ll show you how to configure vsftpd to allow a user to upload files to his or her home directory on cloud using FTP with login credentials.
To follow along with this tutorial you will need:
- A Linux VM hosted on the cloud
- An Ubuntu 18.04 server with a root user
- An FTP client such as Filezilla
- port 20-21 and 1024-1048 opened on your VM
Once you have an Ubuntu server in place with these ports opened, you’re ready to begin.
Step 1 — Installing vsftpd
We’ll start by updating our package list and installing the vsftpd daemon on your linux VM:
sudo apt-get update sudo apt-get install vsftpd
When the installation is complete, we’ll copy the configuration file so we can start with a blank configuration, saving the original as a backup.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
With a backup of the configuration in place, we’re ready to prepare the user directory where we will store our files that can be accessed through FTP.
Step 2 — Preparing the User Directory
For this tutorial, we will create a new user to whom we will provide ftp access. You can also give access to your existing users by following this way. But, we will go ahead by creating a new user.
First, we’ll add a new user:
sudo adduser testuser
Enter a password when prompted and press ENTER through the other prompts.
FTP is generally more secure when users are restricted to a specific directory.
vsftpd accomplishes this with
chroot jails. When
chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way
vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also shell access.
In this example, rather than removing write privileges from the home directory, we’re will create an
ftp directory to serve as the
chroot and a writable
files directory to hold the actual files.
ftp folder, set its ownership, and be sure to remove write permissions with the following commands:
sudo mkdir /home/testuser/ftp sudo chown nobody:nogroup /home/testuser/ftp sudo chmod a-w /home/testuser/ftp
Let’s verify the permissions:
sudo ls -la /home/testuser/ftp
//Output total 8 4 dr-xr-xr-x 2 nobody nogroup 4092 Dec 25 20:05 4 drwxr-xr-x 3 testuser testuser 4092 Dec 25 20:05
Next, we’ll create a new directory where files can be uploaded and assign ownership to the user:
sudo mkdir /home/testuser/ftp/files sudo chown testuser:testuser /home/testuser/ftp/files
A permissions check on the
files directory should return the following:
sudo ls -la /home/testuser/ftp
Output total 12 dr-xr-xr-x 3 nobody nogroup 4092 Dec 25 13:10 .. drwxr-xr-x 3 testuser testuser 4092 Dec 25 11:58 .. drwxr-xr-x 2 testuser testuser 4092 Dec 25 13:10 files
Finally, we’ll add a
test.txt file to use when we test later on:
echo "vsftpd test file" | sudo tee /home/testuser/ftp/files/test.txt
Now that we’ve secured the
ftp directory and allowed the user access to the
files directory, we’ll turn our attention to configuration.
Step 3 — Configuring FTP Access
We’re planning to allow a single user with a local shell account to connect with FTP. The two key settings for this are already set in
vsftpd.conf. Start by opening the config file to verify that the settings in your configuration match those below:
sudo nano /etc/vsftpd.conf
. . . # Allow anonymous FTP? (Disabled by default). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES . . .
Next we’ll need to change some values in the file. In order to allow the user to upload files, we’ll uncomment the
write_enable setting in /etc/vsftpd.conf so that we have:
. . . write_enable=YES . . .
We’ll also uncomment the chroot to prevent the FTP-connected user from accessing any files or commands outside the directory tree ./etc/vsftpd.conf
. . . chroot_local_user=YES . . .
We’ll add a
user_sub_token in order to insert the username in our
local_root directory path so our configuration will work for this user and any future users that might be added ./etc/vsftpd.conf
We’ll limit the range of ports that can be used for passive FTP to make sure enough connections are available so add these lines in /etc/vsftpd.conf
Note: We pre-opened the ports that we set here for the passive port range. If you change the values, be sure to update your firewall settings of Linux VM.
Since we’re only planning to allow FTP access on a case-by-case basis, we’ll set up the configuration so that access is given to a user only when they are explicitly added to a list rather than by default, so make these changes in /etc/vsftpd.conf
userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
userlist_deny toggles the logic. When it is set to “YES”, users on the list are denied FTP access. When it is set to “NO”, only users on the list are allowed access. When you’re done making the change, save and exit the file.
Finally, we’ll create and add our user to the file. We’ll use the
-a flag to append to file:
echo "testuser" | sudo tee -a /etc/vsftpd.userlist
Double-check that it was added as you expected:
Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpd
Now we’re ready for testing.
Step 4 — Testing FTP Access
Now, we can open any FTP client and enter the hostname of our virtual machine, and the username as ‘testuser’ and password as set for the user. And, the port as 21. This will allow that user to access the files in the files directory on the virtual machine.
In this tutorial we covered setting up FTP for users with a local account on Azure or AWS. With this tutorial you will be able to enable ftp server on any VM which is running on Azure or any cloud platform.