September 26, 2022

VSFTPD, whose full name is ‘Very Secure File Transfer Protocol Daemon’, is one of the most secure FTP daemons available and is used by default in Ubuntu, CentOS, Fedora…

How to install and configure VSFTPD? Here we go.

Installation

Open the terminal and start the installation:

sudo apt-get install vsftpd -y

Configuration

To begin the configuration, open the configuration file, which is located under the /etc/ directory.

sudo nano /etc/vsftpd.conf

You can use nano, vi, vim… as you like.

1. Disable anonymous login & enable writing for local users

Our first move is changing anonymous_enable from YES to NO:

anonymous_enable=NO

This setting prevents anonymous logins from unidentified users, which can stop many security issues in the future.
After that, search for local_enable and write_enable and uncomment them (remove the #):

local_enable=YES
write_enable=YES

These changes allow local users to log in and write to the directory.

2. Chroot users

First, what is chroot in FTP servers?
Chroot is a very important security feature of FTP servers. When users log in to an FTP server, you don’t want them to browse your whole filesystem. You only want them to browse the files that they are able to access, usually their home directories. This is what chroot does: it locks users in their home directories.

There are two options for chrooting users. Let’s search for chroot_local_user and change the value to YES.
This option will chroot all the users:

chroot_local_user=YES
chroot_list_enable=NO

If you want to chroot only particular users, create the file /etc/vsftpd.chroot_list containing the usernames that you want to chroot:

chroot_local_user=NO
chroot_list_enable=YES

If you want all users to be chrooted except some, create the file /etc/vsftpd.chroot_list with the usernames that you do not want under chroot. When chroot_local_user is YES, the list becomes a list of exceptions:

chroot_local_user=YES
chroot_list_enable=YES

3. Allowing and denying users from logging in

To deny some users from logging in, add these lines to the config file (userlist_deny only takes effect when userlist_enable is YES):

userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users

Then create the file /etc/vsftpd.denied_users and add the users you want to deny, one per line.

If you want to do the opposite, allowing just some users and denying all other users, use:

userlist_deny=NO

userlist_enable=YES

userlist_file=/etc/vsftpd.allowed_users

Don’t forget to create a file named vsftpd.allowed_users and add all the usernames you want to allow, one per line.

To apply all these configuration changes, type this command in the terminal:

sudo /etc/init.d/vsftpd restart
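
Sections 2 and 3 depend on how pairs of options combine, so the following added example (not part of the original post and not vsftpd's own code) audits a configuration text for those options and reports the policy that results. The function name audit, the SAMPLE text and the wording of the findings are assumptions made for illustration; the defaults are the compiled-in ones listed in vsftpd.conf(5).

```python
import difflib

# Compiled-in defaults from vsftpd.conf(5) for the options this page touches.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO", "userlist_enable": "NO",
            "userlist_deny": "YES", "userlist_file": "/etc/vsftpd.user_list"}
# (chroot_local_user, chroot_list_enable) -> who ends up jailed
CHROOT = {(False, False): "no local user is chrooted",
          (True, False): "every local user is chrooted",
          (False, True): "only users in chroot_list_file are chrooted",
          (True, True): "every local user is chrooted except those in chroot_list_file"}

def audit(text):
    """Return (findings, chroot policy, userlist policy) for a vsftpd.conf text."""
    conf, seen, findings = dict(DEFAULTS), set(), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf(5) forbids spaces between option, '=' and value; rejecting
        # trailing whitespace as well is this checker's own strictness.
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {n}: whitespace or missing '=' in {line!r}")
            continue
        if key not in DEFAULTS:  # other options are skipped unless they look like a typo
            near = difflib.get_close_matches(key, DEFAULTS, n=1, cutoff=0.9)
            if near:
                findings.append(f"line {n}: unknown option {key}, did you mean {near[0]}?")
            continue
        conf[key] = value
        seen.add(key)
    on = lambda k: conf[k].upper() == "YES"
    if on("anonymous_enable"):
        findings.append("anonymous login is enabled")
    if not on("userlist_enable"):
        login = "user list is ignored"
        if seen & {"userlist_deny", "userlist_file"}:
            findings.append("userlist_deny/userlist_file set but userlist_enable is not YES")
    elif on("userlist_deny"):
        login = f"users in {conf['userlist_file']} are denied"
    else:
        login = f"only users in {conf['userlist_file']} may log in"
    return findings, CHROOT[on("chroot_local_user"), on("chroot_list_enable")], login

# Constructed sample with two mistakes: a misspelt option and a deny list without userlist_enable.
SAMPLE = ("anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
          "chroot_local_users=YES\nchroot_list_enable=YES\n"
          "userlist_deny=YES\nuserlist_file=/etc/vsftpd.denied_users\n")
if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real system, pass the contents of /etc/vsftpd.conf to audit().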
