FTP, which stands for “File Transfer Protocol,” is a useful way for transferring files between a client and a server. Depending on the permissions granted to a user, they can traverse directories on the server, download the files to their local computer, and also upload files from their computer to the server. Usually, servers are kept secure by only allowing users with accounts to login via FTP, but it is also possible to configure anonymous authorization, which allows anyone to connect to the server to download and/or upload files.
Running an FTP server is a good choice if you need to allow users access to hosted files or grant them the ability to put their local files onto the server. This is because FTP is widely supported (especially on a Linux system), simple to use, and easy to configure when it comes to user permissions.
In this tutorial, we will cover the step by step instructions to set up an FTP server on a Linux system. We will also see how to configure the FTP server through various settings, then how to use command line, GNOME GUI, or FTP client software to connect to the FTP server.
FTP will suffice for some situations, but for connections over the internet, SFTP is recommended. This is because FTP is not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection. To learn more about SFTP, see our tutorial on How to Securely Transfer Files With SFTP.
In this tutorial you will learn:
- How to install and configure vsftpd on major Linux distros
- How to allow FTP traffic through system firewall
- How to setup an FTP user account
- How to connect to FTP server via command line
- How to connect to FTP server via GUI
- How to configure anonymous FTP login
- How to change the default FTP listening port
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distro |
| Software | vsftpd |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
How to Install vsftpd on Linux
vsftpd (very secure FTP daemon) is one of the best and most popular FTP servers for Linux. Others also exist, but vsftpd is what we recommend using. You can use the appropriate command below to install vsftpd with your system’s package manager.
To install vsftpd on Ubuntu, Debian, and Linux Mint:
$ sudo apt install vsftpd
To install vsftpd on Fedora, CentOS, AlmaLinux, and Red Hat:
$ sudo dnf install vsftpd
To install vsftpd on Arch Linux and Manjaro:
$ sudo pacman -S vsftpd
Configuring a vsftpd Server
After installation, we will go through a basic configuration to get the FTP server up and running:
- It is always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let’s rename the default config file:
$ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf_orig
- Create a new vsftpd configuration file using nano or whichever text editor you prefer:
$ sudo nano /etc/vsftpd.conf
- Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you have verified this is working properly:
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ssl_enable=NO pasv_enable=Yes pasv_min_port=10000 pasv_max_port=10100 allow_writeable_chroot=YESPaste the above lines into your newly created /etc/vsftpd.conf file, and then save changes and close the file.
vsftpd configuration file
- Your Linux firewall might be configured to block connections to FTP currently, but executing the appropriate command below for your distribution will create an exception to allow the traffic:
On Ubuntu and systems using ufw (uncomplicated firewall):
$ sudo ufw allow from any to any port 20,21 proto tcp
On RHEL based distros or any others using firewalld:
$ sudo firewall-cmd --zone=public --permanent --add-service=ftp
Or if you are just using iptables and no firewall frontend:
$ sudo iptables -A INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp --dport 20,21 -j ACCEPT
- With the configuration file saved and the firewall rules updated, restart vsftpd to apply the new changes:
$ sudo systemctl restart vsftpd
Creating an FTP User
Our FTP server is ready to receive incoming connections, so now it is time to create a new user account that we will use to connect to the FTP service.
- Use this first command to create a new account called
ftpuser, and the second command to set a password for the account:$ sudo useradd -m ftpuser $ sudo passwd ftpuser New password: Retype new password: passwd: password updated successfully
- In order to verify that everything’s working properly, you should store at least one file in ftpuser’s home directory. This file should be visible when we login to FTP in the next steps.
$ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
Connect to FTP Server via Command Line
- You should now be able to connect to your FTP server either by IP address or hostname. To connect from command line and verify that everything is working, open a terminal and use the
ftpcommand to connect to your loopback address (127.0.0.1).$ ftp 127.0.0.1
Connecting to the FTP server via command line - As you can see in the screenshot above, we were able to login to the FTP server by specifying the username and password that we configured earlier. Next, let’s try issuing an
lscommand, which should list the test file that we created in previous steps.ftp> ls
Listing our test file to ensure that we can view contents of the FTP server
Your output should look like the screenshot above, indicating a successful login and a
ls command that reveals our test file we created earlier.
Connect to FTP Server via GUI
Most desktop environments have a built in way to connect to FTP servers. Even if yours does not, there are plenty of free FTP clients available for Linux. In the instructions below, we will use the GNOME desktop environment on Ubuntu to connect to the FTP server. If you are running some other GUI, look for an option to connect to an external server in your file manager – from there, the instructions should be about the same as below:
- In your file manager, click on “Other Locations” (may be called something different if not using GNOME) and enter
ftp://127.0.0.1in the “Connect to server” box at the bottom of the window and click connect.
Connecting to the FTP server through GNOME file manager - Choose “registered user” and then enter the FTP account’s credentials that we setup earlier and click connect.
Entering our FTP user credentials - Upon a successful connection, you will see the test file you created earlier. You will now be able to download and view this file, or upload your own contents to the directory.
Successful connection to FTP server, showing our test file
Allow anonymous access in vsftpd
So far, we’ve seen how to create new users that can access the FTP server. If you’d like others to be able to access your FTP server without giving a username and password, you can configure anonymous authentication. Follow the steps below to get it set up.
- First, we’ll need to edit the
/etc/vsftpd.conffile, so open it with nano or any other text editor.$ sudo nano /etc/vsftpd.conf
- Next, look for the
anonymous_enable=NOline, and change the setting toYES.anonymous_enable=YES
- When done, exit this file while saving the new changes, then restart the vsftpd service for changes to take effect.
$ sudo systemctl restart vsftpd
- To test out anonymous login, issue the
ftp 127.0.0.1command, useanonymousas your username, and a blank password. You should receive a230 Login successfulmessage as shown in the screenshot below.
Logging into the FTP server with anonymous
Change default FTP port number
By default, the FTP protocol listens on port 21 for user authentication and port 20 for data transfer. However, we can change this behavior by making a small edit to the /etc/vsftpd.conf file. At the bottom of the file, use the listen_port directive to specify a different port for vsftpd to use. For example, adding the following line will instruct vsftpd to listen on port 2121:
listen_port=2121
Closing Thoughts
In this tutorial, we saw how to set up an FTP server on a Linux system through vsftpd. We also learned how to use the command line or GUI as an FTP client to connect to the server. When running an FTP server, computers on your local network can access your system to store and retrieve files, either via the command line or their preferred FTP client.
