How To Set Up vsftpd for a User’s Directory on Ubuntu 16.04

By Sajid Qureshi, Alibaba Cloud Community Blog author.

FTP is a network protocol which is widely used for moving files between client and server. For the most part, it has been replaced by faster, more secure, and more convenient ways of delivering files. However, it is still used for some specific requirements. If you do need FTP, vsftpd is a great option, as it is very secure compared with other FTP servers. In fact, vsftpd is the default for many Linux distributions.

In this guide, you will learn how to configure vsftpd to allow a user to upload files to his home directory using FTP.


  1. A non-root user with sudo privileges

Installing vsftpd

sudo apt-get update

Once the system is updated, you can proceed further and install vsftpd using the following command.

sudo apt-get install vsftpd

Next, make a copy of the original configuration file so you have a backup.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Next, check the status of your firewall service using the following command. If it is not active, enable it before continuing.

sudo ufw status

You will have to modify the firewall rules to open ports 20, 21 and 990, and the range 40000-50000.

Execute the following commands to open them.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp

Setting Up the User Directory

sudo adduser david

Next, you will be asked to assign a password for the user. Enter a password and press ENTER.

FTP is more secure when a user is restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are limited to their home directory by default, and that directory must not be writable. That is fine for a new user, who may not need to write to their home directory, but an existing user may want to write to their home folder. For that reason, this guide uses a separate ftp directory as the chroot and a writable files directory inside it for uploads.

Next, you will need to create a new folder named ftp, change its ownership, and remove write permissions from it. Execute the following commands one by one.

sudo mkdir /home/david/ftp
sudo chown nobody:nogroup /home/david/ftp
sudo chmod a-w /home/david/ftp

Next, you will need to create a new directory where files can be uploaded and assign its ownership to the user.

sudo mkdir /home/david/ftp/files
sudo chown david:david /home/david/ftp/files

Finally, add a test file named test.txt to use when we test later.

echo "vsftpd test file" | sudo tee /home/david/ftp/files/test.txt

Your FTP user directory is now prepared and secured, and you can proceed to the configuration.

Configuring FTP Access

sudo nano /etc/vsftpd.conf

Make sure your configuration settings match the following:

#Allow anonymous FTP? (Disabled by default).
#Uncomment this to allow local users to log in.

To allow the user to upload his files, you will need to uncomment the line write_enable like this:


Next, you will need to uncomment the line ‘chroot_local_user’ to make sure that the user cannot access any files outside of the directory tree.


Next, you will need to add a user_sub_token and a local_root directory path, so that this configuration works for this user and for any future users that might be added, as shown below:


Next, you will need to limit the range of ports that can be used for passive FTP as shown below:


Finally, you’ll have to set up the configuration so that access is given to a user only when they are explicitly added to a list like below:


Save and exit from the text editor.

Finally, we’ll create the list file and add our user to it using the following command.

echo "david" | sudo tee -a /etc/vsftpd.userlist

Next, you will need to restart the daemon to apply the configuration changes using the following command.

sudo systemctl restart vsftpd


ftp -p

You should see Permission denied or Login failed as the result. Close the connection by typing bye.

Next, we will try it for our user david, who should be able to read as well as write files.

ftp -p

You will be asked to enter your password, and the result should look like this:

Connected to
220 (vsFTPd 3.0.3)
Name ( david
331 Please specify the password.
Password: your_user's_password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Next, we will go to the files directory and then transfer the test file we created earlier using the get command.

ftp> cd files
ftp> get test.txt

If nothing goes wrong then you will see Transfer complete in the final output.

Now, let’s try to upload the test file with a different name to check write permissions:

ftp> put test.txt upload.txt

You should see the following result in your terminal.

227 Entering Passive Mode (203,0,113,0,164,71).
150 Ok to send data.
226 Transfer complete.
16 bytes sent in 0.000894 seconds (17897 bytes/s)

Close the connection by typing bye in the console.

Securing Transactions

Execute the following command to create a new certificate with one year validity.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

You’ll be asked to provide your details such as country, locality, company name, your IP address, and email address.

Next, you will need to edit the ‘vsftpd’ configuration file again. Open the file using the following command.

sudo nano /etc/vsftpd.conf

At the bottom of the file, you’ll find these two lines that begin with rsa_. Uncomment these lines.

# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Next, add these two lines below them in the file.


Next, find the ssl_enable line and change its value to yes like below:


Next, add the following content to deny anonymous connection.


Next, add the following lines to configure the server to use TLS.


Finally, add the following lines to make sure that it uses high encryption cipher suites.


Save the file and exit from the text editor.

Finally, you will need to restart the server to apply changes that we just configured.

sudo systemctl restart vsftpd

Your vsftpd server is now installed, configured, and set up to use TLS.
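
The settings described in the two configuration sections above can be checked mechanically. The script below is an added example, not part of the original guide: it audits a vsftpd.conf for explicit values of the options the text describes. The expected values, the function names and the embedded sample file are assumptions constructed for illustration.

```shell
# Added example: audit a vsftpd.conf against the settings this guide describes
# (expected values are assumptions reconstructed from the guide's text).

# Effective value of KEY: the last uncommented KEY=value line in FILE.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print a finding when a YES/NO option is unset or differs from WANT.
expect() {  # usage: expect FILE KEY WANT
    got=$(conf_get "$1" "$2" | tr '[:lower:]' '[:upper:]')
    [ "$got" = "$3" ] || echo "FAIL $2 want=$3 got=${got:-unset}"
}

# Print one line per finding; no output means the file passes.
audit_vsftpd() {  # usage: audit_vsftpd FILE
    for kv in anonymous_enable=NO local_enable=YES write_enable=YES \
              chroot_local_user=YES userlist_enable=YES userlist_deny=NO \
              ssl_enable=YES allow_anon_ssl=NO force_local_logins_ssl=YES \
              force_local_data_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        expect "$1" "${kv%%=*}" "${kv#*=}"
    done
    # Passive ports must fall inside the range opened in ufw (40000:50000).
    lo=$(conf_get "$1" pasv_min_port); hi=$(conf_get "$1" pasv_max_port)
    if [ "${lo:-0}" -lt 40000 ] || [ "${hi:-65536}" -gt 50000 ]; then
        echo "FAIL pasv range ${lo:-unset}-${hi:-unset} outside 40000-50000"
    fi
}

# Constructed sample: userlist_deny is missing, SSLv3 is on, range too wide.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pasv_min_port=40000
pasv_max_port=60000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=yes
EOF
}

# Write the sample to a temporary file, audit it, then clean up.
demo() { t=$(mktemp); sample_conf > "$t"; audit_vsftpd "$t"; rm -f "$t"; }
demo
```

The sample produces three findings. The first matters most: userlist_enable=YES without userlist_deny=NO leaves the list acting as a deny list rather than the allow list the guide describes.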

You can test this configuration and connect using a client that uses TLS such as FileZilla.

Connect with FileZilla using your username (here david) and password to establish a secure connection. You can now transfer files with SSL/TLS enabled.

