In this guide, we will see how to configure an FTP server (ProFTPd) to transfer files between your PC and your server.
- A newly deployed AKLWEB HOST Debian or Ubuntu server instance.
- A Sudo user.
Update the system.
sudo apt-get update sudo apt-get dist-upgrade
sudo apt-get install proftpd
During installation, you will be asked if you want to install in
standalone mode. Choose the
Open the Proftpd configuration file.
sudo nano /etc/proftpd/proftpd.conf
The file will resemble the following text.
# # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes, reload proftpd after modifications, if # it runs in daemon mode. It is not required in inetd/xinetd mode. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 on # If set on you can experience a longer connection delay in many cases. IdentLookups off ServerName "Debian" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions "-l" DenyFilter \*.*/ # Use this to jail all users in their homes # DefaultRoot ~ # Users require a valid shell listed in /etc/shells to login. # Use this directive to release that constrain. RequireValidShell off # Port 21 is the standard FTP port. Port 21 ...
Main configuration directives
ServerName: Specifies the name of the FTP server. This name will be displayed when clients connect to the server.
TimeoutIdle: The time, in seconds, after which a client is automatically disconnected if it is no longer active on the FTP server.
DefaultRoot: Controls the default root directory assigned to a user upon login.
Port: The connection port to the FTP server. Almost all of the time this port is
21and you should not have to change it unless you are blocked by a firewall.
PassivePorts: Restricts the range of ports from which the server will select when sent the
PASVcommand from a client.
MaxInstances: The maximum number of simultaneous connections you want to allow on your FTP server.
Now, we have to activate the
DefaultRoot option. to do this, find the
DefaultRoot commented line and uncomment it.
~ means that the user will be limited to the personal folder (e.g
Note: By default, someone who connects to the FTP server can access all of the server folders, so it’s recommended to enable the option
ServerName : the name of your FTP server
Find and uncomment the following lines (removing the
# at the beginning of each line) to allow anonymous connections to your server.
# A basic anonymous configuration, no upload directories. <Anonymous ~ftp> User ftp Group nogroup # We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp # Cosmetic changes, all files belongs to ftp user DirFakeUser on ftp DirFakeGroup on ftp RequireValidShell off # Limit the maximum number of anonymous logins MaxClients 10 # We want 'welcome.msg' displayed at login, and '.message' displayed # in each newly chdired directory. DisplayLogin welcome.msg DisplayFirstChdir .message # Limit WRITE everywhere in the anonymous chroot <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> </Anonymous>
Note: If you enable anonymous connections on your FTP server, any user can connect to it. They will have access to the
/home/ftp directory and will be able to read and download files, but not modify or add files.
You can forbid the root user from accessing FTP by adding the following line.
After the configuration has been changed, restart the server.
sudo service proftpd restart
Note: If an error line is displayed as “unable to resolve host”, be aware that it does not matter and you can ignore it.
Add an FTP user
Add a user, for example, “
useradd --shell /bin/false myuser
Create the home directory of our user “
Change the ownership of that directory to the user and group “
chown myuser:myuser /home/myuser/
Set a password for the user “