How to create an FTP server on a Linux Virtual Machine hosted on Cloud?
Hello guys, In this article, we will see how we can enable the FTP server on Linux Virtual machine that is hosted on any cloud platform mainly Azure and AWS.
Introduction
FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files. Many casual Internet users expect to download directly from their web browser with https, and command-line users are more likely to use secure protocols such as the scp or sftp.
In this tutorial, we’ll show you how to configure vsftpd to allow a user to upload files to his or her home directory on cloud using FTP with login credentials.
Prerequisites
To follow along with this tutorial you will need:
- A Linux VM hosted on the cloud
- An Ubuntu 18.04 server with a root user
- An FTP client such as Filezilla
- port 20-21 and 1024-1048 opened on your VM
Once you have an Ubuntu server in place with these ports opened, you’re ready to begin.
Step 1 — Installing vsftpd
We’ll start by updating our package list and installing the vsftpd daemon on your linux VM:
sudo apt-get update
sudo apt-get install vsftpdWhen the installation is complete, we’ll copy the configuration file so we can start with a blank configuration, saving the original as a backup.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.origWith a backup of the configuration in place, we’re ready to prepare the user directory where we will store our files that can be accessed through FTP.
Step 2 — Preparing the User Directory
For this tutorial, we will create a new user to whom we will provide ftp access. You can also give access to your existing users by following this way. But, we will go ahead by creating a new user.
First, we’ll add a new user:
sudo adduser testuserEnter a password when prompted and press ENTER through the other prompts.
FTP is generally more secure when users are restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also shell access.
In this example, rather than removing write privileges from the home directory, we’re will create an ftp directory to serve as the chroot and a writable files directory to hold the actual files.
Create the ftp folder, set its ownership, and be sure to remove write permissions with the following commands:
sudo mkdir /home/testuser/ftp
sudo chown nobody:nogroup /home/testuser/ftp
sudo chmod a-w /home/testuser/ftpLet’s verify the permissions:
sudo ls -la /home/testuser/ftp//Output
total 8
4 dr-xr-xr-x 2 nobody nogroup 4092 Dec 25 20:05
4 drwxr-xr-x 3 testuser testuser 4092 Dec 25 20:05Next, we’ll create a new directory where files can be uploaded and assign ownership to the user:
sudo mkdir /home/testuser/ftp/files
sudo chown testuser:testuser /home/testuser/ftp/filesA permissions check on the files directory should return the following:
sudo ls -la /home/testuser/ftpOutput
total 12
dr-xr-xr-x 3 nobody nogroup 4092 Dec 25 13:10 ..
drwxr-xr-x 3 testuser testuser 4092 Dec 25 11:58 ..
drwxr-xr-x 2 testuser testuser 4092 Dec 25 13:10 filesFinally, we’ll add a test.txt file to use when we test later on:
echo "vsftpd test file" | sudo tee /home/testuser/ftp/files/test.txtNow that we’ve secured the ftp directory and allowed the user access to the files directory, we’ll turn our attention to configuration.
Step 3 — Configuring FTP Access
We’re planning to allow a single user with a local shell account to connect with FTP. The two key settings for this are already set in vsftpd.conf. Start by opening the config file to verify that the settings in your configuration match those below:
sudo nano /etc/vsftpd.conf
. . .
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
. . .Next we’ll need to change some values in the file. In order to allow the user to upload files, we’ll uncomment the write_enable setting in /etc/vsftpd.conf so that we have:
. . .
write_enable=YES
. . .We’ll also uncomment the chroot to prevent the FTP-connected user from accessing any files or commands outside the directory tree ./etc/vsftpd.conf
. . .
chroot_local_user=YES
. . .We’ll add a user_sub_token in order to insert the username in our local_root directory path so our configuration will work for this user and any future users that might be added ./etc/vsftpd.conf
user_sub_token=$USER
local_root=/home/$USER/ftpWe’ll limit the range of ports that can be used for passive FTP to make sure enough connections are available so add these lines in /etc/vsftpd.conf
pasv_min_port=1024
pasv_max_port=1048Note: We pre-opened the ports that we set here for the passive port range. If you change the values, be sure to update your firewall settings of Linux VM.
Since we’re only planning to allow FTP access on a case-by-case basis, we’ll set up the configuration so that access is given to a user only when they are explicitly added to a list rather than by default, so make these changes in /etc/vsftpd.conf
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NOuserlist_deny toggles the logic. When it is set to “YES”, users on the list are denied FTP access. When it is set to “NO”, only users on the list are allowed access. When you’re done making the change, save and exit the file.
Finally, we’ll create and add our user to the file. We’ll use the -a flag to append to file:
echo "testuser" | sudo tee -a /etc/vsftpd.userlist
Double-check that it was added as you expected:
cat /etc/vsftpd.userlist
Output
testuser
Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpdNow we’re ready for testing.
Step 4 — Testing FTP Access
Now, we can open any FTP client and enter the hostname of our virtual machine, and the username as ‘testuser’ and password as set for the user. And, the port as 21. This will allow that user to access the files in the files directory on the virtual machine.
Conclusion
In this tutorial we covered setting up FTP for users with a local account on Azure or AWS. With this tutorial you will be able to enable ftp server on any VM which is running on Azure or any cloud platform.
