VSFTPD, whose full name is ‘Very Secure File Transfer Protocol Daemon’, is one of the most secure FTP daemons available and is used by default in Ubuntu, CentOS, Fedora…
How to install and configure VSFTPD? Here we go.
Open the terminal and start the installation:
sudo apt-get install vsftpd -y
To begin the configuration, open the configuration file, which is located under the /etc/ directory:
sudo nano /etc/vsftpd.conf
You can use nano, vi, vim or any other editor you like.
1. Disable anonymous login & enable writing for local users
Our first move is changing anonymous_enable from YES to NO.
This setting prevents anonymous logins from unidentified users, which can stop many security issues in the future.
After that, search for local_enable and write_enable and uncomment them (remove the #).
These changes allow local users to log in and to write to the directory.
2. Chroot users
First, what is chroot in FTP servers?
Chroot is a very important security feature of FTP servers. When users log in to an FTP server, you don’t want them to browse your whole filesystem. You only want them to browse the files that they are able to access, usually their home directories. This is what chroot does. It locks the users in their home directories.
There are two options for chrooting users available. Let’s search for chroot_local_user and change the value to YES.
This option will chroot all the users.
If you want to allow particular users, then you will have to create a file /etc/vsftpd.chroot_list containing the list of usernames that you want to chroot.
If you want all the users to be free of chroot except some, then create a file /etc/vsftpd.chroot_list with a list of the usernames that you want under chroot.
3. Allowing and denying users from logging in
To deny some users from logging in, add these lines to the config file
Then create a file named vsftpd.denied_users and add the users you want to deny, one per line.
If you want to do the opposite and allow just some users and deny all other users you have to
Don’t forget to create a file named vsftpd.allowed_users and add all the usernames you want to allow, one per line.
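A check for the settings from steps 1 to 3, as an added example that is not part of the original post: it reads a vsftpd.conf and reports the effective chroot and login policy. The function names are hypothetical; chroot_list_enable, userlist_enable and userlist_deny are standard vsftpd.conf options that the steps above do not show, and the defaults used are the ones documented in vsftpd.conf(5).

```shell
# Added example, not from the original post; function names are hypothetical.
# Only the literal value YES counts as "on"; defaults follow vsftpd.conf(5).
# conf_get FILE KEY DEFAULT -> last uncommented KEY=value in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1 |
        tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${v:-$3}"
}

# chroot_policy FILE -> which local users are jailed in their home directory
chroot_policy() {
    case "$(conf_get "$1" chroot_local_user NO)/$(conf_get "$1" chroot_list_enable NO)" in
        YES/YES) echo all-except-listed ;;  # list file names the exemptions
        YES/*)   echo all ;;
        */YES)   echo only-listed ;;        # list file names the jailed users
        *)       echo none ;;
    esac
}

# login_policy FILE -> how userlist_file is applied at login
login_policy() {
    case "$(conf_get "$1" userlist_enable NO)/$(conf_get "$1" userlist_deny YES)" in
        YES/NO) echo allow-only-listed ;;
        YES/*)  echo deny-listed ;;
        *)      echo no-user-list ;;
    esac
}

# audit FILE -> prints findings; returns non-zero if any finding is a FAIL
audit() {
    rc=0
    [ "$(conf_get "$1" anonymous_enable YES)" = NO ] || { echo "FAIL anonymous login enabled"; rc=1; }
    [ "$(conf_get "$1" local_enable NO)" = YES ] || echo "NOTE local users cannot log in"
    [ "$(chroot_policy "$1")" != none ] || { echo "FAIL no local user is chrooted"; rc=1; }
    echo "INFO chroot=$(chroot_policy "$1") login=$(login_policy "$1")"
    return "$rc"
}

# Constructed sample: chroot_local_user is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
#chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
EOF
audit "$sample" || true; rm -f "$sample"
```

Calling audit /etc/vsftpd.conf before restarting the service shows whether a line that was meant to be uncommented is still inactive.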
To apply all these configuration changes, type this command in the terminal:
sudo /etc/init.d/vsftpd restart