In this guide, we will see how to configure an FTP server (ProFTPd) to transfer files between your PC and your server.
Prerequisites
A newly deployed RCS Debian or Ubuntu server instance.
A sudo user.
Installation
Update the system.
sudo apt-get update
sudo apt-get dist-upgrade
Install proftpd.
sudo apt-get install proftpd
During installation, you will be asked if you want to install in inetd or standalone mode. Choose the standalone mode.
Configuration
Open the ProFTPd configuration file.
sudo nano /etc/proftpd/proftpd.conf
The file will resemble the following text.
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
...
Main configuration directives
ServerName: Specifies the name of the FTP server. This name will be displayed when clients connect to the server.
TimeoutIdle: The time, in seconds, after which a client is automatically disconnected if it is no longer active on the FTP server.
DefaultRoot: Controls the default root directory assigned to a user upon login.
Port: The connection port to the FTP server. Almost all of the time this port is 21 and you should not have to change it unless you are blocked by a firewall.
PassivePorts: Restricts the range of ports from which the server will select when sent the PASV command from a client.
MaxInstances: The maximum number of simultaneous connections you want to allow on your FTP server.
Now, we have to activate the DefaultRoot option. To do this, find the commented DefaultRoot line and uncomment it.
DefaultRoot ~
The value ~ means that the user will be limited to the personal folder (e.g. /home/user12).
Note: By default, someone who connects to the FTP server can access all of the server folders, so it's recommended to enable the DefaultRoot option.
Change the ServerName.
ServerName : the name of your FTP server
Find and uncomment the following lines (removing the # at the beginning of each line) to allow anonymous connections to your server.
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group nogroup
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp
RequireValidShell off
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
</Anonymous>
Note: If you enable anonymous connections on your FTP server, any user can connect to it. They will have access to the /home/ftp directory and will be able to read and download files, but not modify or add files.
You can forbid the root user from accessing FTP by adding the following line.
RootLogin off
After the configuration has been changed, restart the server.
sudo service proftpd restart
Note: If an error line is displayed as "unable to resolve host", be aware that it does not matter and you can ignore it.
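To confirm that the edits above took effect, the following added example (not part of the original guide or of ProFTPd) scans a configuration file for the settings discussed: an active DefaultRoot, an explicit "RootLogin on", and an active anonymous block with or without the WRITE restriction. The function name, the finding labels and the two sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a proftpd.conf given as a
# file argument or on stdin. Prints one finding per line, nothing if none apply.
audit_proftpd_conf() {
    awk '
        { sub(/#.*/, "") }   # strip comments so "# DefaultRoot ~" does not count
        NF == 0 { next }
        { d = tolower($1) }
        d == "defaultroot" { jailed = 1 }
        d == "rootlogin" && tolower($2) == "on" { print "ROOT_LOGIN_ON" }
        d ~ /^<anonymous/ { anon = 1; deny = 0 }
        anon && d == "<limit" && toupper($0) ~ /WRITE/ { inlimit = 1 }
        anon && inlimit && d == "denyall" { deny = 1 }
        d ~ /^<\/limit/ { inlimit = 0 }
        d ~ /^<\/anonymous/ {
            print "ANONYMOUS_ENABLED"
            if (!deny) print "ANONYMOUS_WRITABLE"
            anon = 0
        }
        END { if (!jailed) print "NO_DEFAULTROOT" }
    ' "$@"
}

# Constructed sample: the stock file before this guide's edits, abridged.
sample_stock() { cat <<'EOF'
ServerName "Debian"
# DefaultRoot ~
Port 21
EOF
}

# Constructed sample: after the edits, anonymous block uncommented, abridged.
sample_edited() { cat <<'EOF'
DefaultRoot ~
RootLogin off
<Anonymous ~ftp>
  User ftp
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>
EOF
}

echo "stock:";  sample_stock  | audit_proftpd_conf
echo "edited:"; sample_edited | audit_proftpd_conf
```

On a real server, run it as `audit_proftpd_conf /etc/proftpd/proftpd.conf`. ANONYMOUS_ENABLED is informational, while ANONYMOUS_WRITABLE means the anonymous block has no `<Limit WRITE>` with DenyAll.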
Add an FTP user
Add a user, for example, "myuser".
sudo useradd --shell /bin/false myuser
Create the home directory of our user "myuser".
sudo mkdir /home/myuser
Change the ownership of that directory to the user and group "myuser".
sudo chown myuser:myuser /home/myuser/
Set a password for the user "myuser".
sudo passwd myuser