How to configure ftp server on Ubuntu

(Last Updated On: July 24, 2019)

How to Install and configure ftp server on Ubuntu 16.04

 

FTP stands for File Transfer Protocol, It requires a TCP/IP network framework to function properly. So as the name suggests, FTP is a protocol for transferring file or data from the server to the client. In here we will configure ftp server on a ubuntu distribution. The reason behind that, we will provide a secure channel for transferring data from server to client.

So few things we need to keep in mind before getting started. please find the details below.

  1. We have used Ubuntu 16.04 server to configure ftp server.
  2. IP – 10.100.98.48/16
  3. We have changed the default FTP port (21) to 2189 for security purpose.
  4. User has been created as “ftp-user”
  5. The directory used “/ftp-test”

 

 

 

Now let’s configure ftp server

[email protected]:# apt-get update && upgrade -y
[email protected]:# apt-get install proftpd -y

in between you will get a prompt like this...

configure ftp server on ubuntu

[email protected]:# ufw disable
Firewall stopped and disabled on system startup

Create a directory so that FTP client can access to that particular directory only.

[email protected]:# mkdir /ftp-test
[email protected]:# cd /ftp-test
[email protected]:/ftp-test# touch abc.txt
[email protected]:/ftp-test# ls
abc.txt

 

Add a user and give permission for a specific directory while you configure the FTP server. So that whenever anyone connects using these credentials, they can have access to that particular directory.

[email protected]:# useradd -d /ftp-test -s /bin/nologin ftp-user
[email protected]:# passwd ftp-user
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

 

Make sure proftpd service starts as a systemd service.

[email protected]:# systemctl enable proftpd
proftpd.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable proftpd

[email protected]:# systemctl start proftpd

 

Now edit the config file and make necessary changes.

[email protected]:# vi /etc/proftpd/proftpd.conf

# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
# UseIPv6                               on
# If set on you can experience a longer connection delay in many cases.
IdentLookups                    off

ServerName                      "ftpserver"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200
DisplayLogin                    welcome.msg
DisplayChdir                    .message true
ListOptions                     "-l"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
 DefaultRoot                    ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell             off

# Port 21 is the standard FTP port.
Port                            2189

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress             1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd              off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder                     mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile                   off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on

# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime.  If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
#   User                                ftp
#   Group                               nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell           off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients                  10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                        welcome.msg
#   DisplayChdir                .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>
<Anonymous /ftp-test>

AnonRequirePassword                                on
User                                               ftp-user
Group                                              nogroup
RequireValidShell                                  off
<Directory *>
<Limit WRITE>
          AllowAll
</Limit>
</Directory>
</Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/

[email protected]:# systemctl restart proftpd

 

Client part:

Access FTP from the command line.

[email protected]:/ftp-test# ftp localhost 2189
Connected to localhost.
220 ProFTPD 1.3.5a Server (ftpserver) [::1]
Name (localhost:support): ftp-user
331 Password required for ftp-user
Password:
230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 EPRT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 0 0 0 Jul 23 23:42 abc.txt
226 Transfer complete
ftp>

 

Access FTP fro GUI:

Url:  ftp://10.100.98.48:2189
user: ftp-user
password - ********

Access it from a browser or any other third-party application.

configure ftp server on ubuntu

Conclusion:

Hi guys, I have tried my best to simplify things about the installation and configuration part of FTP server. By following these steps you can easily configure ftp server on ubuntu or any other Linux distro.

Now I am expecting your responses. If you like this content or even dislike,  just leave a comment. Your responses will motivate me to do better and deliver better. I will try my best to enrich my skill.

So thank you guys, Have a good day.

Rate this content
Sending
User Review
4.33 (3 votes)

One Response

  1. Raju

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ad Blocker Detected

Ad Blocker Detected, please disable it to help this page in many ways. Thank you so much.

Refresh