How to create an FTP server on a Linux Virtual Machine hosted on Cloud?


Hello guys, in this article we will see how to enable an FTP server on a Linux virtual machine hosted on any cloud platform, mainly Azure and AWS.

Introduction

FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files. Many casual Internet users expect to download directly from their web browser with https, and command-line users are more likely to use secure protocols such as scp or sftp.

In this tutorial, we’ll show you how to configure vsftpd to allow a user to upload files to his or her home directory on a cloud VM using FTP with login credentials.

Prerequisites

To follow along with this tutorial you will need:

  • A Linux VM hosted on the cloud
  • An Ubuntu 18.04 server with a root user
  • An FTP client such as Filezilla
  • Ports 20-21 and 1024-1048 opened on your VM

Once you have an Ubuntu server in place with these ports opened, you’re ready to begin.

Step 1 — Installing vsftpd

We’ll start by updating the package list and installing the vsftpd daemon on the Linux VM:

sudo apt-get update
sudo apt-get install vsftpd

When the installation is complete, we’ll copy the configuration file so we can start with a blank configuration, saving the original as a backup.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

With a backup of the configuration in place, we’re ready to prepare the user directory where we will store our files that can be accessed through FTP.

Step 2 — Preparing the User Directory

For this tutorial, we will create a new user and give that user FTP access. The same steps also work for your existing users, but we will go ahead with a new one.

First, we’ll add a new user:

sudo adduser testuser

Enter a password when prompted and press ENTER through the other prompts.

FTP is generally more secure when users are restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also have shell access.

In this example, rather than removing write privileges from the home directory, we will create an ftp directory to serve as the chroot and a writable files directory to hold the actual files.

Create the ftp folder, set its ownership, and be sure to remove write permissions with the following commands:

sudo mkdir /home/testuser/ftp
sudo chown nobody:nogroup /home/testuser/ftp
sudo chmod a-w /home/testuser/ftp

Let’s verify the permissions:

sudo ls -la /home/testuser/ftp
Output
total 8
4 dr-xr-xr-x 2 nobody nogroup 4092 Dec 25 20:05 .
4 drwxr-xr-x 3 testuser testuser 4092 Dec 25 20:05 ..

Next, we’ll create a new directory where files can be uploaded and assign ownership to the user:

sudo mkdir /home/testuser/ftp/files
sudo chown testuser:testuser /home/testuser/ftp/files

A permissions check on the files directory should return the following:

sudo ls -la /home/testuser/ftp
Output
total 12
dr-xr-xr-x 3 nobody nogroup 4092 Dec 25 13:10 .
drwxr-xr-x 3 testuser  testuser   4092 Dec 25 11:58 ..
drwxr-xr-x 2 testuser  testuser   4092 Dec 25 13:10 files

Finally, we’ll add a test.txt file to use when we test later on:

echo "vsftpd test file" | sudo tee /home/testuser/ftp/files/test.txt
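The layout from this step can be checked with a short script. This is an added example, not part of the original tutorial: the function names mode_of and check_ftp_layout are its own, the sample trees are constructed in a temporary directory instead of /home/testuser, and it checks permission bits only, not ownership.

```shell
#!/bin/sh
# Added example: verify the Step 2 chroot layout for one home directory.

# mode_of PATH: the 10-character mode string from ls -ld, e.g. dr-xr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_ftp_layout HOME: prints each problem found, returns the problem count.
check_ftp_layout() {
    root="$1/ftp"; files="$root/files"; problems=0
    if [ ! -d "$root" ] || [ ! -d "$files" ]; then
        echo "MISSING  $root or $files"; return 1
    fi
    # The chroot root must carry no write bit at all (chmod a-w in Step 2).
    case "$(mode_of "$root")" in
        *w*) echo "WRITABLE $root $(mode_of "$root")"; problems=$((problems + 1)) ;;
    esac
    fmode=$(mode_of "$files")
    # The upload directory needs the owner write bit (3rd character) ...
    [ "$(echo "$fmode" | cut -c3)" = "w" ] ||
        { echo "READONLY $files $fmode"; problems=$((problems + 1)); }
    # ... but should not be writable by everyone (9th character).
    [ "$(echo "$fmode" | cut -c9)" != "w" ] ||
        { echo "WORLD-W  $files $fmode"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample trees in a temp dir stand in for /home/testuser.
SAMPLE=$(mktemp -d)
trap 'chmod -R u+w "$SAMPLE"; rm -rf "$SAMPLE"' EXIT
mkdir -p "$SAMPLE/good/ftp/files" "$SAMPLE/bad/ftp/files" "$SAMPLE/empty"
chmod 755 "$SAMPLE/good/ftp/files"
chmod a-w "$SAMPLE/good/ftp"        # as in Step 2
chmod 755 "$SAMPLE/bad/ftp"         # chroot root left writable by its owner
chmod 777 "$SAMPLE/bad/ftp/files"   # upload directory writable by everyone

for h in good bad empty; do
    check_ftp_layout "$SAMPLE/$h" && echo "$h: layout ok" || echo "$h: $? problem(s)"
done
```

On a real server, call check_ftp_layout /home/testuser with sudo if the home directory is not readable by your account.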

Now that we’ve secured the ftp directory and allowed the user access to the files directory, we’ll turn our attention to configuration.

Step 3 — Configuring FTP Access

We’re planning to allow a single user with a local shell account to connect with FTP. The two key settings for this are already set in vsftpd.conf. Start by opening the config file to verify that the settings in your configuration match those below:

sudo nano /etc/vsftpd.conf
. . .
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
. . .

Next we’ll need to change some values in the file. In order to allow the user to upload files, we’ll uncomment the write_enable setting in /etc/vsftpd.conf so that we have:

. . .
write_enable=YES
. . .

We’ll also uncomment the chroot setting in /etc/vsftpd.conf to prevent the FTP-connected user from accessing any files or commands outside the directory tree:

. . .
chroot_local_user=YES
. . .

We’ll add a user_sub_token to /etc/vsftpd.conf in order to insert the username in our local_root directory path, so our configuration will work for this user and any future users that might be added:

user_sub_token=$USER
local_root=/home/$USER/ftp

We’ll limit the range of ports that can be used for passive FTP to make sure enough connections are available, so add these lines in /etc/vsftpd.conf:

pasv_min_port=1024
pasv_max_port=1048

Note: We pre-opened the ports that we set here for the passive port range. If you change the values, be sure to update the firewall settings of your Linux VM.

Since we’re only planning to allow FTP access on a case-by-case basis, we’ll set up the configuration so that access is given to a user only when they are explicitly added to a list rather than by default, so make these changes in /etc/vsftpd.conf:

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

userlist_deny toggles the logic. When it is set to “YES”, users on the list are denied FTP access. When it is set to “NO”, only users on the list are allowed access. When you’re done making the change, save and exit the file.

Finally, we’ll create the file and add our user to it. We’ll use the -a flag to append to the file:

echo "testuser" | sudo tee -a /etc/vsftpd.userlist

Double-check that it was added as you expected:

cat /etc/vsftpd.userlist
Output
testuser

Restart the daemon to load the configuration changes:

sudo systemctl restart vsftpd
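The settings from Step 3 can be verified in one pass with a small audit script. This is an added example, not part of the original tutorial: conf_get and audit_vsftpd are its own function names, and it runs against two constructed sample files, not a real /etc/vsftpd.conf.

```shell
# Added example: audit a vsftpd.conf against the values set in Step 3.

# conf_get KEY FILE: value of the last uncommented KEY= line. Treating the
# last occurrence as the effective one is an assumption of this sketch.
conf_get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# audit_vsftpd FILE: prints one line per setting, returns the mismatch count.
audit_vsftpd() {
    conf=$1; bad=0
    while read -r key want; do
        got=$(conf_get "$key" "$conf")
        if [ "$got" = "$want" ]; then
            echo "ok    $key=$got"
        else
            echo "FAIL  $key=${got:-<unset>} (tutorial value: $want)"
            bad=$((bad + 1))
        fi
    done <<'EOF'
anonymous_enable NO
local_enable YES
write_enable YES
chroot_local_user YES
user_sub_token $USER
local_root /home/$USER/ftp
pasv_min_port 1024
pasv_max_port 1048
userlist_enable YES
userlist_file /etc/vsftpd.userlist
userlist_deny NO
EOF
    return "$bad"
}

# Constructed sample configs (not taken from a real host).
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT
printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
    chroot_local_user=YES 'user_sub_token=$USER' 'local_root=/home/$USER/ftp' \
    pasv_min_port=1024 pasv_max_port=1048 userlist_enable=YES \
    userlist_file=/etc/vsftpd.userlist userlist_deny=NO > "$GOOD_CONF"
# Three deviations: write_enable left commented out, userlist_deny missing
# (vsftpd then defaults to YES, a deny list), and a later anonymous_enable=YES.
grep -v '^userlist_deny=' "$GOOD_CONF" |
    sed 's/^write_enable=/#write_enable=/' > "$BAD_CONF"
echo 'anonymous_enable=YES' >> "$BAD_CONF"

audit_vsftpd "$GOOD_CONF" || echo "mismatches: $?"
audit_vsftpd "$BAD_CONF"  || echo "mismatches: $?"
```

On the server itself, run audit_vsftpd /etc/vsftpd.conf; a non-zero return value means at least one setting differs from the values used in this tutorial.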

Now we’re ready for testing.

Step 4 — Testing FTP Access

Now we can open any FTP client and enter the hostname of our virtual machine, ‘testuser’ as the username, the password set for that user, and 21 as the port. This will allow that user to access the files in the files directory on the virtual machine.

Conclusion

In this tutorial we covered setting up FTP for users with a local account on Azure or AWS. With this tutorial you will be able to enable an FTP server on any VM running on Azure or any other cloud platform.
