Note
26 Apr 2022: "gedit" changed to "nano". Minor error corrected.
5 Sep 2019: "0755" changed to "0775" for "Ftp" directory.
7 May 2019: "gksudo gedit" changed to "sudo gedit" as Ubuntu 18.04 dropped "gksudo".
25 Dec 2014: Created.
Intro
FTP server enables directories to be accessible for downloading or uploading by users outside the local network.
Install
Install the package:
$ sudo apt-get install vsftpd
Edit config file:
$ sudo nano /etc/vsftpd.conf
Uncomment the following line to enable uploading:
write_enable=YES
Define as the following line to change the default directory permissions to 775 (drwxrwxr-x) and default file permissions to 664 (-rw-rw-r--):
local_umask=002
Uncomment the following lines to restrict users to their home except for those listed in the file represented by "chroot_list_file":
chroot_local_user=YES chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list
("vsftpd.choot_list" corrected as "vsftpd.chroot_list", 7 May 2019)
Save file after uncommenting.
Specify users who can go outside their home by inserting their user login names one on each line in the file represented by "chroot_list_file":
$ sudo nano /etc/vsftpd.chroot_list
("vsftpd/chroot_list" corrected as "vsftpd.chroot_list", 7 May 2019)
Restart ftp service whenever the config files are changed:
$ sudo systemctl restart vsftpd or $ sudo service vsftpd restart
Set the internet router to re-direct ftp connections to server port 21.
Set up a root FTP Directory to contain all FTP job folders
Change directory to the top directory assessible for use by Windows network through Samba:
$ cd /<full directory path from root>
Make a directory specially for FTP storage, called "Ftp" in this example:
$ sudo mkdir Ftp
Change its ownership so that it can be accessed by Windows network:
$ sudo chown nobody:nogroup Ftp
Change its permissions to "read only" for other users:
$ sudo chmod 0775 Ftp
("0755" changed to "0775" because for unknown reasons sub-directory cannot be created under "Ftp", 5 Sep 2019)
Check setting:
$ ls -ls
should show "drwxrwxr-x" and "nobody nogroup" against the "Ftp" item.
(drwxr-xr-x corrected as drwxrwxr-x, 26 Apr 2022)
Create a ftp user for specific job
Create a new user with authority to download and upload the job ftp directory:
$ sudo adduser <ftp user name>
Change the new user's root directory from /home/<ftp user name> to the job ftp directory:
$ sudo usermod -d /<full directory path from root>/Ftp/<job name> <ftp user name>
- <ftp user name> and <job name> can be the same or different
- <job name> will become ftp users' root directory, they will be restricted to see only files at or below the root directory, they will not see the name of <job name> or the directory structure outside the root directory
- Instead of <job name>, a further sub-directory such as <job name>/<sub job name> may be defined as the root directory
- The directory /<full directory path from root>/Ftp/<job name> will still exist but not be used for ftp
Set up a ftp directory for specific job for downloading
Create a job ftp directory under the Ftp directory:
- using Windows Explorer:
\\<server name>\<full folder path from server>\Ftp\<job name>
- or at the server terminal:
$ cd /<full directory path from root>/Ftp $ sudo mkdir <job name> $ sudo chown nobody:nogroup <job name> $ ls -ls
should show "drwxr-xr-x" or "drwxrwxr-x" and "nobody nogroup" against the <job name> item.
Further sub-directories may be created similarly for downloading purposes.
Set up a ftp directory for specific job for uploading
Create an "upload" sub-directory under the job ftp directory:
- using Windows Explorer:
\\<server name>\<full folder path from server>\Ftp\<job name>\upload
- or at the server terminal:
$ cd /<full directory path from root>/Ftp/<job name> $ sudo mkdir upload $ sudo chown nobody:nogroup upload
Change its permissions on the server to enable "write" for all:
$ cd /<full directory path from root>/Ftp/<job name> $ sudo chmod a+w upload
Check settings:
$ ls -ls
should show "drwxrwxrwx" and "nobody nogroup" against the "upload" item.
Upload or download
Internally, use Windows file explorer to copy or move files between the Windows networked computers to the ftp directories:
- copy files to \\< server name>\<full folder path from server >\Ftp\<job name> for downloading
- copy files from \\<server name>\<full folder path from server >\Ftp\<job name>\upload after uploading by others
Externally, inform external users the ftp user login name i.e. <ftp user name> and password for downloading or uploading.