Of Stack

Ubuntu configuring FTP server with vsftpd tutorial details

  • 2020-05-17 07:04:59
  • OfStack

This paper was tested in Ubuntu Server 14.04 amd64 system.

Install ftp

sudo apt-get install vsftpd

Configuration vsftpd conf

sudo nano /etc/vsftpd.conf 


# No anonymous access 
anonymous_enable=NO
# Accept local users 
local_enable=YES
# Allowed to upload 
write_enable=YES
# Users can only access restricted directories 
chroot_local_user=YES
# Set the fixed directory and add it at the end. If I don't add this 1 Ok, each user corresponds to their own directory, of course this folder is created by themselves 
local_root=/home/ftp

Look at the Internet and say add 1 line "pam_service_name=vsftpd", I see I already have this configuration file, let it go.

Add ftp users 


sudo useradd -d /home/ftp -M ftpuser
sudo passwd ftpuser

Adjust folder permissions

This is to avoid "500 OOPS: vsftpd: refusing to with writable root inside chroot()" 


sudo chmod a-w /home/ftp
sudo mkdir /home/ftp/data

You u will see the data folder after you log in this way, although it is a bit troublesome, for reasons that are not listed. Looking up information so bitter is not easy.

Change pam d/vsftpd

At this point, logging into ftp directly with useradd's account will result in 530 login incorrect 


sudo nano /etc/pam.d/vsftpd

Comment out the 


#auth required pam_shells.so

Restart vsftpd 


sudo service vsftpd restart

At this point, you can log in to ftp with the ftpuser user you just created, and you will see local_root set to /home/ftp and restricted to that directory.

In your browser to use ftp: / / xxx xxx. xxx. xxx access, can also use software such as flashFXP ftp, password is the password ftpuser.

About user access folder restrictions

chroot_local_user, chroot_list_enable, chroot_list_file

First of all, chroot_list_enable is easy to understand, that is: whether to enable the chroot_list_file configuration file, if the YES means that the chroot_list_file configuration file takes effect, otherwise it will not take effect;

Second, chroot_list_file is also simple. It is configured with a file path. The default is /etc/ vsftpd.chroot_list. However, the meaning of these accounts is not fixed and is related to the configuration item chroot_local_user. As stated in the last article;

Third, chroot_local_user for YES means that all users * cannot * switch to a directory other than their home directory, but! In addition to the chroot_list_file configuration file listed users. chroot_local_user for NO means that all users * can * switch to other directories than their home directory, but! In addition to the chroot_list_file configuration file listed users. It can also be understood as an chroot_list_file "exception" user.

If the client login prompts "connection failed in pasv mode"

Edit/etc/vsftpd conf

Finally add 


pasv_promiscuous=YES

Then restart the vsftpd service.

Related articles: