Web server - FTP setup

From XennisWiki

This article describes how to set up FTP on an Ubuntu web server using the widely used FTP server vsftpd.

Setup vsftpd with virtual user accounts (libpam-pwdfile)

Setup instructions according to Bourdeau[1]

Used software

  • Platform: Ubuntu 13.10 x64
    • Installed packages: vim, apache2 and apache2-utils
  • vsftpd version 3.0.2

Install vsftpd and libpam-pwdfile

Install the FTP server vsftpd and libpam-pwdfile to use virtual users

sudo apt-get install vsftpd libpam-pwdfile

Configure vsftpd

Back up the configuration file and open it

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
sudo vim /etc/vsftpd.conf

Change or add the following values in the vsftpd.conf file:

## --- General settings
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
seccomp_sandbox=NO

## --- Additional options
# Show hidden files and the "." and ".." folders.
# Useful to not write over hidden files:
#force_dot_files=YES

Register virtual users

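Create a user named USERNAME. The -c option creates the password file and overwrites an existing one, so omit it when adding further users. The -d option stores the password with crypt(), which only uses the first 8 characters of the password.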

sudo mkdir /etc/vsftpd
sudo htpasswd -cd /etc/vsftpd/ftpd.passwd USERNAME

Configure PAM

First back up the configuration file and then open it

sudo cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.config
sudo vim /etc/pam.d/vsftpd

Replace the content of the file with

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

Create local user

Create a local user without shell access

sudo useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

Restart service

sudo /etc/init.d/vsftpd restart

Create directories

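Create the FTP root directory of the user, without write permission on the root itself (vsftpd refuses to run with a writable root inside the chroot), and a writable www subdirectory

sudo mkdir /var/www/USERNAME
sudo chmod -w /var/www/USERNAME
sudo mkdir /var/www/USERNAME/www
sudo chmod -R 755 /var/www/USERNAME/www
sudo chown -R vsftpd:nogroup /var/www/USERNAME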

Result

Now you should be able to use an FTP client like FileZilla to connect with the created user account.

Setup security - TLS/SSL/FTPS

Add the following lines to the /etc/vsftpd.conf file to enable SSL and TLS[2]

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are obsolete and insecure protocol versions.
# Keep them disabled.
ssl_sslv2=NO
ssl_sslv3=NO
# FileZilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Remove the following line if you don't want/have to use port 990.
listen_port=990

Restart service

sudo /etc/init.d/vsftpd restart
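
The TLS-related directives in the resulting configuration file can be checked with a short script. This is an added example, not part of the original article. The function names conf_get, is_on and audit_vsftpd_tls are made up here, and the defaults in the table are the ones documented in the vsftpd.conf man page.

```sh
#!/bin/sh
# Added example, not part of the original article.

# Print the value of directive $2 in file $1, or the default $3 if it is unset.
# vsftpd.conf lines are "option=value" without spaces; later lines override
# earlier ones and lines starting with "#" are comments.
conf_get() {
    val=$(awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1")
    printf '%s\n' "${val:-$3}"
}

# Succeed if the directive is enabled (vsftpd accepts YES, TRUE or 1).
is_on() {
    case $(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per weak setting in file $1; return 1 if any was found.
audit_vsftpd_tls() {
    rc=0
    # Fields: directive : vsftpd default : state that is a finding : reason
    while IFS=: read -r key def bad why; do
        if is_on "$1" "$key" "$def"; then cur=YES; else cur=NO; fi
        if [ "$cur" = "$bad" ]; then
            echo "$key=$cur: $why"
            rc=1
        fi
    done <<'EOF'
ssl_enable:NO:NO:logins and data cross the network unencrypted
ssl_sslv2:NO:YES:SSLv2 is obsolete and should not be offered
ssl_sslv3:NO:YES:SSLv3 is obsolete and should not be offered
force_local_logins_ssl:YES:NO:passwords may be sent in clear text
force_local_data_ssl:YES:NO:file transfers may be sent in clear text
anonymous_enable:YES:YES:anonymous logins are accepted
EOF
    return $rc
}

# Constructed sample configuration (not read from a real server).
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO ssl_enable=YES ssl_tlsv1=YES \
    ssl_sslv2=YES ssl_sslv3=YES '#force_local_logins_ssl=NO' > "$sample"
audit_vsftpd_tls "$sample" || echo "weak settings found in $sample"
rm -f "$sample"
```

To check the real file, call audit_vsftpd_tls /etc/vsftpd.conf; a directive that is missing from the file is evaluated with its default.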

Setup FTP client (FileZilla)

FTP client connection settings:

  • Port: 990
  • Protocol: FTP
  • Encryption: Require explicit FTP over TLS

Errors

500 OOPS: priv_sock_get_cmd

Error: For instance, you use FileZilla, try to connect, and receive the error message:

500 OOPS: priv_sock_get_cmd

Solution: To solve this error, add the following line to the /etc/vsftpd.conf file[3]

seccomp_sandbox=NO

and restart the service

sudo service vsftpd restart

References

  1. Bourdeau Julien (17 October 2013). "Setup VSFTPD with custom multiple directories and (virtual) users accounts on Ubuntu (no database required)". Sigerr. Retrieved 26 January 2014
  2. epimeteo (5 August 2007). "Howto: Easy FTP with vsftpd". Ubuntu Forums. Retrieved 26 January 2014
  3. "VSFTPD: 500 OOPS: priv_sock_get_cmd". ChemDroid.net. Retrieved 26 January 2014