Setup FTP server on Linux

FTP, which stands for “File Transfer Protocol,” is a useful way for transferring files between a client and a server. Depending on the permissions granted to a user, they can traverse directories on the server, download the files to their local computer, and also upload files from their computer to the server. Usually, servers are kept secure by only allowing users with accounts to login via FTP, but it is also possible to configure anonymous authorization, which allows anyone to connect to the server to download and/or upload files.

Running an FTP server is a good choice if you need to allow users access to hosted files or grant them the ability to put their local files onto the server. This is because FTP is widely supported (especially on a Linux system), simple to use, and easy to configure when it comes to user permissions.

In this tutorial, we will cover the step by step instructions to set up an FTP server on a Linux system. We will also see how to configure the FTP server through various settings, then how to use command line, GNOME GUI, or FTP client software to connect to the FTP server.

WARNING – FTP IS NOT ENCRYPTED
FTP will suffice for some situations, but for connections over the internet, SFTP is recommended. This is because FTP is not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection. To learn more about SFTP, see our tutorial on How to Securely Transfer Files With SFTP.

In this tutorial you will learn:

  • How to install and configure vsftpd on major Linux distros
  • How to allow FTP traffic through system firewall
  • How to setup an FTP user account
  • How to connect to FTP server via command line
  • How to connect to FTP server via GUI
  • How to configure anonymous FTP login
  • How to change the default FTP listening port
Setup FTP server on Linux
Setup FTP server on Linux
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software vsftpd
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to Install vsftpd on Linux




vsftpd (very secure FTP daemon) is one of the best and most popular FTP servers for Linux. Others also exist, but vsftpd is what we recommend using. You can use the appropriate command below to install vsftpd with your system’s package manager.

To install vsftpd on Ubuntu, Debian, and Linux Mint:

$ sudo apt install vsftpd

To install vsftpd on Fedora, CentOS, AlmaLinux, and Red Hat:

$ sudo dnf install vsftpd

To install vsftpd on Arch Linux and Manjaro:

$ sudo pacman -S vsftpd

Configuring a vsftpd Server

After installation, we will go through a basic configuration to get the FTP server up and running:

  1. It is always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let’s rename the default config file:
    $ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf_orig
    
  2. Create a new vsftpd configuration file using nano or whichever text editor you prefer:
    $ sudo nano /etc/vsftpd.conf
    
  3. Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you have verified this is working properly:
    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    ssl_enable=NO
    pasv_enable=Yes
    pasv_min_port=10000
    pasv_max_port=10100
    allow_writeable_chroot=YES

    Paste the above lines into your newly created /etc/vsftpd.conf file, and then save changes and close the file.

    vsftpd configuration file
    vsftpd configuration file



  4. Your Linux firewall might be configured to block connections to FTP currently, but executing the appropriate command below for your distribution will create an exception to allow the traffic:

    On Ubuntu and systems using ufw (uncomplicated firewall):

    $ sudo ufw allow from any to any port 20,21 proto tcp
    

    On RHEL based distros or any others using firewalld:

    $ sudo firewall-cmd --zone=public --permanent --add-service=ftp
    

    Or if you are just using iptables and no firewall frontend:

    $ sudo iptables -A INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 20,21 -j ACCEPT
    
  5. With the configuration file saved and the firewall rules updated, restart vsftpd to apply the new changes:
    $ sudo systemctl restart vsftpd
    

Creating an FTP User

Our FTP server is ready to receive incoming connections, so now it is time to create a new user account that we will use to connect to the FTP service.

  1. Use this first command to create a new account called ftpuser, and the second command to set a password for the account:
    $ sudo useradd -m ftpuser
    $ sudo passwd ftpuser
    New password: 
    Retype new password: 
    passwd: password updated successfully
    
  2. In order to verify that everything’s working properly, you should store at least one file in ftpuser’s home directory. This file should be visible when we login to FTP in the next steps.
    $ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
    

Connect to FTP Server via Command Line

  1. You should now be able to connect to your FTP server either by IP address or hostname. To connect from command line and verify that everything is working, open a terminal and use the ftp command to connect to your loopback address (127.0.0.1).
    $ ftp 127.0.0.1
    
    Connecting to the FTP server via command line
    Connecting to the FTP server via command line
  2. As you can see in the screenshot above, we were able to login to the FTP server by specifying the username and password that we configured earlier. Next, let’s try issuing an ls command, which should list the test file that we created in previous steps.
    ftp> ls
    
    Listing our test file to ensure that we can view contents of the FTP server
    Listing our test file to ensure that we can view contents of the FTP server




Your output should look like the screenshot above, indicating a successful login and a ls command that reveals our test file we created earlier.

Connect to FTP Server via GUI

Most desktop environments have a built in way to connect to FTP servers. Even if yours does not, there are plenty of free FTP clients available for Linux. In the instructions below, we will use the GNOME desktop environment on Ubuntu to connect to the FTP server. If you are running some other GUI, look for an option to connect to an external server in your file manager – from there, the instructions should be about the same as below:

  1. In your file manager, click on “Other Locations” (may be called something different if not using GNOME) and enter ftp://127.0.0.1 in the “Connect to server” box at the bottom of the window and click connect.
    Connecting to the FTP server through GNOME file manager
    Connecting to the FTP server through GNOME file manager
  2. Choose “registered user” and then enter the FTP account’s credentials that we setup earlier and click connect.
    Entering our FTP user credentials
    Entering our FTP user credentials
  3. Upon a successful connection, you will see the test file you created earlier. You will now be able to download and view this file, or upload your own contents to the directory.
    Successful connection to FTP server, showing our test file
    Successful connection to FTP server, showing our test file

Allow anonymous access in vsftpd

So far, we’ve seen how to create new users that can access the FTP server. If you’d like others to be able to access your FTP server without giving a username and password, you can configure anonymous authentication. Follow the steps below to get it set up.

  1. First, we’ll need to edit the /etc/vsftpd.conf file, so open it with nano or any other text editor.
    $ sudo nano /etc/vsftpd.conf
    
  2. Next, look for the anonymous_enable=NO line, and change the setting to YES.
    anonymous_enable=YES
    
  3. When done, exit this file while saving the new changes, then restart the vsftpd service for changes to take effect.
    $ sudo systemctl restart vsftpd
    



  4. To test out anonymous login, issue the ftp 127.0.0.1 command, use anonymous as your username, and a blank password. You should receive a 230 Login successful message as shown in the screenshot below.
    Logging into the FTP server with anonymous
    Logging into the FTP server with anonymous

Change default FTP port number

By default, the FTP protocol listens on port 21 for user authentication and port 20 for data transfer. However, we can change this behavior by making a small edit to the /etc/vsftpd.conf file. At the bottom of the file, use the listen_port directive to specify a different port for vsftpd to use. For example, adding the following line will instruct vsftpd to listen on port 2121:

listen_port=2121

Closing Thoughts

In this tutorial, we saw how to set up an FTP server on a Linux system through vsftpd. We also learned how to use the command line or GUI as an FTP client to connect to the server. When running an FTP server, computers on your local network can access your system to store and retrieve files, either via the command line or their preferred FTP client.



Comments and Discussions
Linux Forum