FTP (File Transfer Protocol) is a network protocol used for transferring files between a client and a server over a network. Various FTP clients that also support SFTP and FTPS are available. However, in this article we will be looking into plain old simple FTP.
For a server to allow FTP access to its clients, it has to listen for client requests on a specific port; the default is 21. FTP may run in either active or passive mode.
In active mode, the client connects from port N (where N > 1023) to the FTP server's port 21. The client then starts listening on a port, usually N+1. Once the client's port is determined, the server connects to the client from its local port 20.
In passive mode, the client initiates both connections to the server by opening two random ports, N (N > 1023) and N+1. The first port communicates with the server's port 21: the client sends a passive (PASV) command to the server and receives the server's IP address. The PASV command tells the server to open an unprivileged port (a port over 1023) and send an acknowledgement to the client. Finally, the client initiates the connection from port N+1 to the server's assigned unprivileged port. For this tutorial we will use ports 40000 to 50000 as the unprivileged ports for the client to connect to on the server.
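The acknowledgement the server sends back for PASV is a 227 reply that carries the address and the data port as six decimal bytes. The following is an added example, not part of the original tutorial: it parses that reply and checks the offered endpoint against the 40000 to 50000 range used here. The function names and the sample replies are constructed for illustration, and 203.0.113.10 is a documentation address standing in for the server.

```python
import re

# Passive data-port range the tutorial opens in Azure and ufw.
PASV_MIN, PASV_MAX = 40000, 50000

# 227 reply payload: four address bytes, then the port as two bytes.
_PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte value over 255 in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent high byte first
    return ip, port


def check_pasv(reply, control_ip):
    """Return a list of problems with the data endpoint the server offered."""
    ip, port = parse_pasv(reply)
    problems = []
    if not PASV_MIN <= port <= PASV_MAX:
        # The firewall rules only admit 40000-50000; this connection would be dropped.
        problems.append("port %d is outside %d-%d" % (port, PASV_MIN, PASV_MAX))
    if ip != control_ip:
        # The data connection would go to a different host than the one logged in to.
        problems.append("data address %s differs from control address %s" % (ip, control_ip))
    return problems


if __name__ == "__main__":
    # Constructed sample replies (not captured from a real server).
    samples = [
        "227 Entering Passive Mode (203,0,113,10,175,200).",  # port 45000
        "227 Entering Passive Mode (203,0,113,10,4,1).",      # port 1025
        "227 Entering Passive Mode (10,0,0,4,156,64).",       # port 40000, other address
    ]
    for s in samples:
        print(s, "->", check_pasv(s, "203.0.113.10") or "ok")
```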
Before we begin installing vsftpd, let's configure inbound port rules for the virtual machine in Microsoft Azure. The image below shows what rules are to be added.
Once we are done setting up the inbound port rules, we can proceed with installing vsftpd:
sudo apt install vsftpd
Check whether the firewall is set up on the Ubuntu web server. If not, we will enable the firewall and add all the port rules we set up in MS Azure to our server. The following commands can be used:
sudo ufw status
sudo ufw enable
sudo ufw allow 20:21/tcp
sudo ufw allow 40000:50000/tcp
Now we have the basics for FTP done. All we need now is an FTP user and the path the user can access on the server. It's best practice to restrict a user to a specific directory, giving control only over that directory and its subdirectories and not the parent directory. So, we create the user:
sudo adduser ftpclient
Next we create the directory for the user to access. The -p option creates both new directories in one command: mysite, the parent directory, and public_html, its child.
sudo mkdir -p /var/www/mysite/public_html
We will restrict the ftpclient user to the public_html directory only, so we set some permissions for that user:
sudo chown ftpclient:ftpclient /var/www/mysite
sudo chown ftpclient:ftpclient /var/www/mysite/public_html
sudo chmod 755 /var/www/mysite/public_html
Now let's create a file that lists the user we have created. This file should contain ftpclient on a single line. You will see why we are doing this in the upcoming steps. For now, let's get on with it.
sudo nano /etc/vsftpd.users
We have now created the user and the directories the user can access. However, simply creating the structure is not enough. We now do the real deal, that is, configuring the FTP server. For this, we edit the vsftpd.conf file in the /etc directory.
Note: It's better to back up vsftpd.conf before editing.
sudo nano /etc/vsftpd.conf
Following are the settings that need to be uncommented in this file
Add following lines anywhere in the file
After editing, save the file and restart vsftpd:
sudo systemctl restart vsftpd
Then you can connect over FTP using the username and password of the user ftpclient:
ftp -p <ip_of_your_server>
Here is the video of vsftpd setup