After spending a good part of my weekend fiddling with VSFTPD, I’m very happy that I managed to get it to work properly.
My goal was to create a simple, anonymous and private FTP server for my home network. It should facilitate sharing files between my machines.
If you’d like to try out my configuration all you need to do is look at the following commands and replace your configuration file with mine. The configuration file will be provided later in the article.
```bash
# For Ubuntu
sudo apt-get install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

# Make the directories for the server
sudo mkdir -p /srv/vsftpd/root/public
sudo touch /srv/vsftpd/banner

# Change permissions and set ownership
sudo chown -R ftp:ftp /srv/vsftpd/ /srv/vsftpd/banner
sudo chmod -R 555 /srv/vsftpd/ /srv/vsftpd/banner
sudo chmod 775 /srv/vsftpd/root/public

# Edit the configuration file
# /etc/vsftpd.conf with editor of choice

# Restart the service and check the status
sudo systemctl restart vsftpd
sudo systemctl status vsftpd
```
The configuration file vsftpd.conf that I use can be found below:
```
# Nucu Labs's BUSY vsFTPd server configuration file.
# Denis Nutiu 09.02.2019
# Scope of the server: The server is supposed to facilitate easy file sharing and should
# be only available on the local network. No outside access is allowed!
# The meaning of this configuration file and the full list of options can be found by
# checking the manual page of vsftpd.
listen=NO
listen_ipv6=YES

### Debug Options
# If enabled, a log file will be maintained detailing uploads and downloads.
# By default, this file will be placed at /var/log/vsftpd.log.
xferlog_enable=YES
# debug_ssl=YES
# log_ftp_protocol=YES
# syslog_enable=YES
###

# If enabled, both the usernames ftp and anonymous are recognised as anonymous logins.
anonymous_enable=YES

# This option represents a directory which vsftpd will try to change into after an anonymous login.
# Failure is silently ignored.
# The paths below must match the directories created under /srv/vsftpd.
anon_root=/srv/vsftpd/root
local_root=/srv/vsftpd/root
allow_writeable_chroot=YES

# Enable local users to login to the FTP.
local_enable=NO

# This option is the name of a file containing text to display when someone connects to the server.
banner_file=/srv/vsftpd/banner

# When enabled, this prevents vsftpd from asking for an anonymous password
# - the anonymous user will log straight in.
no_anon_password=YES

# If set to YES, anonymous users will be permitted to create new directories under certain conditions.
# For this to work, the option write_enable must be activated,
# and the anonymous ftp user must have write permission on the parent directory.
anon_mkdir_write_enable=YES

# If set to YES, anonymous users will be permitted to perform write operations
# other than upload and create directory, such as deletion and renaming.
# This is generally not recommended but included for completeness.
anon_other_write_enable=YES

# If set to YES, anonymous users will be permitted to upload files under certain conditions.
anon_upload_enable=YES

# When enabled, anonymous users will only be allowed to download files which are world readable.
anon_world_readable_only=YES

# If enabled, all anonymously uploaded files will have the ownership changed
# to the user specified in the setting chown_username
chown_uploads=YES
chown_username=ftp
nopriv_user=ftp
delete_failed_uploads=YES

# If enabled, users of the FTP server can be shown messages when they first enter
# a new directory. By default, a directory is scanned for the file .message.
dirmessage_enable=YES

# If enabled, all user and group information in directory listings will be displayed as "ftp".
hide_ids=YES

# Allows: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
write_enable=YES

# Upload files are executable.
chown_upload_mode=0777
file_open_mode=0777
local_umask=002
anon_umask=002
###

# Display directory listings with the time in the local time zone instead of GMT.
use_localtime=YES

# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty

# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd

# Uncomment this to indicate that vsftpd use a utf8 filesystem.
utf8_filesystem=YES
```
Using this setup will give you a fully working anonymous VSFTPD server. BUT WAIT! Make sure that you don’t expose the server to the internet! Keep it for private use only: since the server is anonymous, everyone who can reach it can download and upload files.
I had lots of trouble getting the permissions right. If you don’t get the permissions right, you’ll find yourself unable to upload files, download them, create directories or cd into directories.
The most common error I encountered was “Writable root. Owner of the chroot() is root and has write permissions.” This was fixed by removing the write permission from the /srv/vsftpd/root directory.
Another thing you may want is to add your user to the ftp group. I missed the -a when I added myself and I ended up removing myself from all groups except the ftp group. I had to boot Ubuntu in Recovery Mode, get a root shell and add myself back to sudo as well as other administrative groups. To add yourself to the ftp group, you can safely copy and paste the following command:
```bash
sudo usermod -a -G ftp "$USER"
```
If the banner file (the one created with the touch command above) does not exist or its permissions are insufficient, the server won’t start.
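The exposure warning and the permission pitfalls described above can be checked before restarting the service. The following is an added example, not code from the original article: `parse_conf` and `audit` are hypothetical helper names, and the write-bit test is a deliberately strict heuristic that matches the article's mode 555 layout.

```python
import os
import stat

# vsftpd's built-in defaults for the options checked here (see man vsftpd.conf).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "anon_upload_enable": "NO"}

def parse_conf(text):
    """Parse vsftpd.conf text: one KEY=VALUE per line, '#' starts a comment line."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(opts):
    """Return findings for an anonymous vsftpd meant for the local network only."""
    findings = []
    enabled = lambda key: opts.get(key, "NO").upper() == "YES"
    # Exposure: anonymous uploads on a listener that is not pinned to one address.
    if enabled("anonymous_enable") and enabled("write_enable") and enabled("anon_upload_enable"):
        if "listen_address" not in opts and "listen_address6" not in opts:
            findings.append("anonymous upload is on and no listen_address/listen_address6 "
                            "is set: the server listens on every interface")
    # Layout: the login root must exist and carry no write bit (the article uses 555).
    root = opts.get("anon_root")
    if root and not os.path.isdir(root):
        findings.append(f"anon_root {root} does not exist")
    elif root and stat.S_IMODE(os.stat(root).st_mode) & 0o222:
        findings.append(f"anon_root {root} has a write bit set (writable root error)")
    # The article notes that the server will not start without its banner file.
    banner = opts.get("banner_file")
    if banner and not os.path.isfile(banner):
        findings.append(f"banner_file {banner} is missing")
    return findings

if __name__ == "__main__":
    # Constructed sample, not the full configuration from the article.
    sample = """
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/srv/vsftpd/root
banner_file=/srv/vsftpd/banner
"""
    for finding in audit(parse_conf(sample)):
        print("WARN:", finding)
```

An empty result does not prove the server is unreachable from outside; a firewall rule limiting the FTP ports to the local subnet is still the control that enforces it.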
To be honest I haven’t used FTP that much. Every time you connect to the VSFTPD server you should do so in passive mode. This means that the server will open another socket when doing an operation instead of initiating a connection to you (the client). If you don’t use passive FTP mode, you’ll get a prompt from your firewall to allow the FTP client to pass through. To connect using passive FTP, you should run:
```bash
ftp -p ftp_server_ip_or_alias
```
When uploading images, PDFs or other binary files, you’ll need to issue the binary command in your FTP client before the put command. Otherwise things are going to get messy and the binary file will get corrupted.
I had great fun installing and configuring VSFTPD, and also writing this article. If you need any more help with VSFTPD, I suggest visiting the Arch Linux wiki page; it contains a great deal of information.
Thank you for reading and have a great day!