Install an FTP Server With ProFTPd on Debian or Ubuntu

112 views 2 May 30, 2023 aklwebhost

In this guide, we will see how to configure an FTP server (ProFTPd) to transfer files between your PC and your server.

Prerequisites

  • A newly deployed AKLWEB HOST Debian or Ubuntu server instance.
  • Sudo user.

Installation

Update the system.

sudo apt-get update

sudo apt-get dist-upgrade

Install proftpd.

sudo apt-get install proftpd

During installation, you will be asked if you want to install in inetd or standalone mode. Choose the standalone mode.

Configuration

Open the Proftpd configuration file.

sudo nano /etc/proftpd/proftpd.conf

The file will resemble the following text.

#

# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.

# To really apply changes, reload proftpd after modifications, if

# it runs in daemon mode. It is not required in inetd/xinetd mode.

#



# Includes DSO modules

Include /etc/proftpd/modules.conf



# Set off to disable IPv6 support which is annoying on IPv4 only boxes.

UseIPv6                         on

# If set on you can experience a longer connection delay in many cases.

IdentLookups                    off



ServerName                      "Debian"

ServerType                      standalone

DeferWelcome                    off



MultilineRFC2228                on

DefaultServer                   on

ShowSymlinks                    on



TimeoutNoTransfer               600

TimeoutStalled                  600

TimeoutIdle                     1200



DisplayLogin                    welcome.msg

DisplayChdir                    .message true

ListOptions                     "-l"



DenyFilter                      \*.*/



# Use this to jail all users in their homes

# DefaultRoot                     ~



# Users require a valid shell listed in /etc/shells to login.

# Use this directive to release that constrain.

RequireValidShell               off



# Port 21 is the standard FTP port.

Port                            21

...

Main configuration directives

  • ServerName: Specifies the name of the FTP server. This name will be displayed when clients connect to the server.
  • TimeoutIdle: The time, in seconds, after which a client is automatically disconnected if it is no longer active on the FTP server.
  • DefaultRoot: Controls the default root directory assigned to a user upon login.
  • Port: The connection port to the FTP server. Almost all of the time this port is 21 and you should not have to change it unless you are blocked by a firewall.
  • PassivePorts: Restricts the range of ports from which the server will select when sent the PASV command from a client.
  • MaxInstances: The maximum number of simultaneous connections you want to allow on your FTP server.

Now, we have to activate the DefaultRoot option. to do this, find the DefaultRoot commented line and uncomment it.

DefaultRoot                     ~

The value ~ means that the user will be limited to the personal folder (e.g /home/user12).

Note: By default, someone who connects to the FTP server can access all of the server folders, so it’s recommended to enable the option DefaultRoot.

Change the ServerName.

ServerName : the name of your FTP server

Find and uncomment the following lines (removing the # at the beginning of each line) to allow anonymous connections to your server.

# A basic anonymous configuration, no upload directories.



 <Anonymous ~ftp>

   User                         ftp

   Group                        nogroup

   # We want clients to be able to login with "anonymous" as well as "ftp"

   UserAlias                    anonymous ftp

   # Cosmetic changes, all files belongs to ftp user

   DirFakeUser  on ftp

   DirFakeGroup on ftp



   RequireValidShell            off



   # Limit the maximum number of anonymous logins

   MaxClients                   10



   # We want 'welcome.msg' displayed at login, and '.message' displayed

   # in each newly chdired directory.

   DisplayLogin                 welcome.msg

   DisplayFirstChdir            .message



   # Limit WRITE everywhere in the anonymous chroot

   <Directory *>

     <Limit WRITE>

       DenyAll

     </Limit>

   </Directory>

 </Anonymous>

Note: If you enable anonymous connections on your FTP server, any user can connect to it. They will have access to the /home/ftp directory and will be able to read and download files, but not modify or add files.

You can forbid the root user from accessing FTP by adding the following line.

RootLogin off

After the configuration has been changed, restart the server.

sudo service proftpd restart

Note: If an error line is displayed as “unable to resolve host”, be aware that it does not matter and you can ignore it.

Add an FTP user

Add a user, for example, “myuser“.

useradd --shell /bin/false myuser

Create the home directory of our user “myuser“.

mkdir /home/myuser

Change the ownership of that directory to the user and group “myuser“.

chown myuser:myuser /home/myuser/

Set a password for the user “myuser“.

passwd myuser
Tags:

Was this helpful?

 
Related Articles

Didn't find your answer? Contact Us