FTP server is a service that allows exchange of files in a very simple form. It enables you to drop massive amount of files fairly quickly. You set up a server that can serve and accept files. We are setting up an FTP server so that YOU can upload and download files, but only on the local network.
Why local network only? Mainly because FTP is insecure. It sends the password in the clear. Like 100% clear. Any data spoofing software can just yank your password and your server is now completely vulnerable. Worst case scenario would be that all your data is now compromised. If you do not have any spyware on your PC then you can utilize FTP on local network without any worry. Keep your antivirus on that Windows machine up to date!
If you want to share files with others it is best to put them on your website directly, which is simpler and users have access only to the files you have shared on the website. Seriously Later I will show you how to just drop files in a public folder so anyone can access them if that is what you need. Do not use FTP to share files. We are not in the ’90 anymore. You can set up a server open to everybody, but again – why bother with a dedicated service if we can utilize HTTP protocol?
Setting up an FTP server
Setting up a basic FTP server if a fairly simple task via a package called vsftpd (or Very Secure FTP Daemon). I will show you how to set up the service so that your administrative account will be able to rummage around the server.
- For LAN access – nothing
- For internet access (not recommenced) – enable port forwarding for FTP access
- If you followed basic security tutorial – add rules in UFW to allow FTP access
Creating an FTP folder
Even if you are the sole user of your FTP it is still a good idea to have one specific folder where you can dump your files, but not required. If on the other hand you are planning on making your files public (do not do that via FTP, see above why), then you just have to have a specific folder for them.
Run the following code to create a directory for your files
sudo mkdir /var/ftp
As with custom logs from previous tutorial about security, you can specify a folder wherever you want it to be – /var/ is a good choice.
By default the owner of the folder will be root. As we do not use root account, files would have to be copied to the folder using sudo command, let us claim the folder for the administrative user account we created previously (if you have followed previous tutorials you are using it now) by running the chown command
sudo chown -R $USER:$USER /var/ftp/
Just remember to substitute $USER with your username.
We should also adjust permissions so that we can read and write with this user while allowing other users to only download files. That is Linux administration 101 – look, but do not touch. Run the following
sudo chmod -R 755 /var/ftp/
This way the administrative user will have full control over the folder, but if we decide to make an account for another user, said user will only be able to download files from this folder. Execute rights are in place so that the directory can be listed.
Installation is simple, run the following command
sudo apt install vsftpd
Daemon will be configured using the default configuration file located here
and, by default, vsftpd will be started immediately and every time your server boots up the FTP service will start on its own as well.
It is a good idea to make a backup of the config file so that purging and reinstalling will not be necessary in case we screw up the config too much. Run the following command
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_OLD
If you want to remove the modified config and restore the original run the following two commands
sudo rm /etc/vsftpd.conf sudo cp /etc/vsftpd.conf_OLD /etc/vsftpd.conf
Backup of our config will remain as _OLD in case you screw up again.
Everything is done via the configuration file mentioned above. If you want a more in-depth explanation of expressions used in the configuration file, follow this link. For now we will just configure the server so that you can download and upload files, while being able to navigate the whole filesystem.
CAUTION default values of the vsftpd.conf change between version, default config is pretty strict though
CAUTION some of the lines I am instructing you to put in the file are already there. Make sure the lines you are adding are not already present in the file. If they are, you can modify them directly or comment them out by putting # sign at the beginning of the line and adding all your custom lines in one place
Open the configuration file by running
sudo nano /etc/vsftpd.conf
First, we want to tell vsftpd to open connections on ports specified by us in the security part of the tutorial, add the following to the config
If you do not remember which range you have opened run the following
sudo ufw status numbered
Or go here for a refresher about UFW
Next, we want to make sure that anonymous users cannot log in, but local users can, local meaning users with accounts on your server. We also want to be able to upload files as well. Add the following three lines to the config
anonymous_enable=NO local_enable=YES write_enable=YES
You can specify the folder we created previously to be opened upon logging in by adding
Now let up reload the config file by running the following command
sudo service vsftpd reload
That is basically it, you should be able to connect to your server now.
Connecting to your FTP server
You can test the FTP with your browser. Type the local IP address of your server in the address bar, in the following manner
put your credentials (user and password), and it should display the contents of the /var/ftp/ folder
You will not be able to upload files with your browser.
FileZilla is a great and free FTP client which will help us to upload and download from our server. Grab it from here.
Once you open the FileZilla client, take a look at the top of your screen. You should be able to find the following
In the Host field put your server IP, fill out the username and password fields as well and click Quickconnect
FileZilla should take you to your /var/ftp/ folder. You can download and upload files as you wish. If you cannot upload files check if vsftpd.conf file has write_enabled=YES directive and that the user you are logged in as has permission to write to that folder (see chmod command to rectify that).
Securing your FTP server connection with a certificate
Once you have a certificate, you can use it with FTP as well. In order to enable the certificate, go back to vsftpd.conf file and change the following three lines
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem #rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ssl_enable=NO
/etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem ssl_enable=YES
Substitute example.com with the FQDN of your website. Certbot will tell you where exactly is your certificate, you can copy file paths to a local file for ease of use. Jut keep them private, even the links. This information certifies that your website is actually what it seems to be.
After enabling the certificate you have lost the ability to connect to your FTP server with a browser, as they are unable to provide a SSL connection over FTP. It is just the way it is.
FileZilla on the other hand, upon your first connection, will display a window informing you about the certificate of your server. It will look something like this
Image credit digicert.com
For convenience you can tick the box at the bottom and FileZilla will remember your certificate upon future secure connections.
Since it is only you who will use the FTP server, you can skip certificate part entirely. Seriously, do not connect via FTP to your server from outside your local network.
Enabling and disabling FTP server
If you are not actively using FTP you might as well disable the service. Why constantly run something that is not in use? Enable it only when you need to upload something, and then disable it again.
To disable the service run the following command
sudo service vsftpd stop
If you want to enable the service run the following
sudo service vsftpd start
Any FTP connection will be impossible with vsftpd service stopped, that should be obvious. Remember that when you are scratching your head and trying to figure out why you cannot connect to upload your photos any more.
To check if FTP is running type the following
sudo service vsftpd status
If you want to start, stop or check other services just substitute vsftpd with the service name.
FTP is not the best way of serving files to users, but it is an invaluable tool for us to upload to our server. If you want to upload dozens of pictures for your WordPress site you can do it in a jiffy rather than use the WordPress Media tab and upload one by one.
Just make sure that you do not open the server to everybody in the whole world.