How to Setup vsftpd for a User’s Directory on Ubuntu 22.04

set up vsftpd for a user directory on Ubuntu 22.04

In this tutorial, we are going to install vsftpd and set it up for a user’s directory on Ubuntu 22.04

VSFTPD is a shortcut of a very secure FTP daemon and is an FTP server for Unix systems, including Linux. Vsftpd is the default FTP server in the Ubuntu, CentOS, and RHEL distributions. System administrators, daily, are adding new users to the systems and configuring the vsftpd to allow the user to upload files or folders only in their directories on the server. This scenario is mostly for resellers who want their users to have limited access.

Installing and configuring the vsftpd for a user’s directory on Ubuntu 22.04 is a straightforward process. Let’s get started!

Prerequisites

  • Fresh install of Ubuntu 22.04
  • User privileges: root or non-root user with sudo privileges

Step 1. Update the System

Update the system packages to the latest versions available.

sudo apt update -y && sudo apt upgrade -y

Step 2. Install vsftpd daemon

Before we start with the configuration, we will install the VSFTPD daemon with the following commands:

sudo apt install vsftpd

Once installed, start and enable the vsftpd. service.

sudo systemctl start vsftpd.service && sudo systemctl enable vsftpd.service

Check if the service is running properly.

sudo systemctl status vsftpd.service

You should get the following output:

root@host:~# sudo systemctl status vsftpd.service
● vsftpd.service - vsftpd FTP server
     Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-09-19 21:00:12 CEST; 5min ago
   Main PID: 97973 (vsftpd)
      Tasks: 1 (limit: 4575)
     Memory: 856.0K
        CPU: 16ms
     CGroup: /system.slice/vsftpd.service
             └─97973 /usr/sbin/vsftpd /etc/vsftpd.conf

Step 3. Create User

The next step is to create a user. To do that, execute the following command:

sudo adduser developer

Execute the command, enter the password twice, hit Enter five times, and confirm the information with Y.

root@host:~# sudo adduser developer
Adding user `developer' ...
Adding new group `developer' (1001) ...
Adding new user `developer' (1001) with group `developer' ...
Creating home directory `/home/developer' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for developer
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

The user developer is automatically created in the /home/developer directory.

root@host:# cd /home/developer/ && ls -al
total 20
drwxr-xr-x 2 developer developer 4096 Sep 19 21:27 .
drwxr-xr-x 3 root      root      4096 Sep 19 21:27 ..
-rw-r--r-- 1 developer developer  220 Sep 19 21:27 .bash_logout
-rw-r--r-- 1 developer developer 3771 Sep 19 21:27 .bashrc
-rw-r--r-- 1 developer developer  807 Sep 19 21:27 .profile

Now, we will create a directory called ftp inside the home directory of the developer user.

mkdir /home/developer/ftp

Once created, set the following permissions to the ftp folder.

chown nobody:nogroup /home/developer/ftp/
chmod a-w /home/developer/ftp

Step 4. Configure FTP Access

Now, when the user is created, we can proceed to configure the FTP access.

The configuration of the VSFTPD is stored in the /etc/vsftpd.conf file. Before we make any changes, it is recommended to have a copy of the file.

cp /etc/vsftpd.conf /etc/vsftpd.conf.original
chroot_local_user=YES
write_enable=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Once these changes are made, save the file and restart the vsftpd service.

sudo systemctl restart vsftpd

Next is to add the developer user in the /etc/vsftpd.userlist

touch /etc/vsftpd.userlist && echo "developer" | sudo tee -a /etc/vsftpd.userlist

Step 5. Test the FTP access

Before testing the connection, we need to open some ports via the UFW service.

sudo ufw allow 20,21/tcp

Once done, check the ufw status with the same command ufw status.

root@host:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
20,21/tcp                  ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
20,21/tcp (v6)             ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

Now, execute the following command to log in with the developer user and password:

ftp -p server_ip_address

Enter the developer user and password. Once logged in, you will receive the following output:

root@host:~# ftp -p server_ip_address
Connected to 1server_ip_address.
220 (vsFTPd 3.0.5)
Name (server_ip_address:root): developer
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

If you try to log in with some other user that does not belong to the vsftpd user’s list, you will get the following output:

root@host:~# ftp -p server_ip_address
Connected to server_ip_address.
220 (vsFTPd 3.0.5)
Name (server_ip_address:root): other-user
530 Permission denied.
ftp: Login failed

As you can see, permission is denied for other users. This tells us that we successfully configured the vsftpd for a user’s directory on Ubuntu 22.04

Of course, you do not have to configure this by yourself. All you need to do is sign up for one of our NVMe VPS plans and submit a support ticket. Our admins will help you with any aspect of vsftpd configuration.

If you liked this about configuring vsftpd for a users’ directory on Ubuntu 22.04, please share it with your friends on the social networks or simply leave a reply below.

3 thoughts on “How to Setup vsftpd for a User’s Directory on Ubuntu 22.04”

  1. in your command
    chown nobody:nogroup /home/developer/ftp/
    should be

    chown developer: /home/developer/ftp/

    otherwise the directory ftp wouldn’t even be visible

    and, why not using just:
    sudo chmod 700 /home/developer/ftp

    since with a-w we are not allowing to write in the ftp folder which is what we usually need when accessing to our own folder

    btw, thanks for the tutorial. all the steps worked except those two

    Reply

Leave a Comment