The vsftpd server offers simplicity, security, and speed. It has been used by a number of sites, such as ftp.debian.org, ftp.gnu.org, rpmfind.net, and ftp.gimp.org. Note that despite its name, the Very Secure FTP server does not enable use of encrypted usernames or passwords.
Its main configuration file is vsftpd.conf, which resides under the /etc directory. The server has a number of features and default policies, but these can be overridden by changing the installed configuration file.
By default, anonymous logins are enabled, but users are not allowed to upload files, create new directories, or delete or rename files. The configuration file installed by Ubuntu allows local users (that is, users with a login and shell account) to log in and then access their home directory. This configuration presents potential security risks because usernames and passwords are passed without encryption over a network. The best policy is to deny your users access to the server from their user accounts. The standard vsftpd configuration disables this feature.
Was this article helpful?