The Very Secure FTP Service

Before configuring the vsFTP server, you need to install it. One method is with the following command:

$ sudo apt-get install vsftpd

FTP Server


Advanced TFTP (atftpd)

A multi-threaded TFTP server for multiple connections

Netkit FTP (ftpd)

An FTP server with an SSL option; other FTP servers are preferred in the Ubuntu documentation

Secure FTP (krb5-ftpd)

An FTP server that uses Kerberos for authentication

Pure-FTPd (pure-ftpd)

A complex FTP server with support for chroot directories, quotas, and more

Trivial FTP (tftpd)

The standard TFTP server, sometimes used for terminal servers

TwoFTPd (twoftpd)

A two-part FTP server, including an authenticating front-end without code

WU-FTPD (wu-ftpd)

A popular FTP server that hasn't been maintained since 2001

Table 17-6. Description of Selected FTP Servers

Two key vsFTP configuration files are / etc/vsftpd.conf and / etc/ftpusers. The vsftpd. conf configuration file is the standard. The / etc/ftpusers file is commonly used by other FTP servers to configure users who are not allowed access through the server.

The directives in this file are straightforward. I urge you to read the file for yourself; the comments provide good explanations of many of the directives. A few of these directives are listed in Table 17-7. (Because some directives are long, line wrapping is unavoidable.) Commented directives from the default version of the vsftpd.conf file include the pound character (#) in front. Many commented directives are default settings.

This section focuses on those directives that you might change to enhance the security or customize access to regular users. The directives in the default vsftpd.conf file are just a small fraction of the directives that are available; other directives are listed in the vsftpd.conf man page.

Once the configuration is complete, restart the server with the following command. You can connect from the local system or from a remote system on the same network.

$ sudo /etc/init.d/vsftpd restart

As I've enabled anonymous access, I'd expect to be able to access this FTP server with the username anonymous. And when the vsftpd package is installed, FTP server uploads and downloads are configured by default in the /home/ftp directory.




Supports a control script in / etc/init.d; note the listen_ipv6

directive available for IPv6 communication


Allows anonymous access; can be set to NO

# local_enable=YES

Can support regular user logins

# write_enable=YES

Can support writes by authenticated regular users

# local_umask=022

Can override the default umask of 077; requires local_


# anon_upload_

Enables uploads by anonymous users


# anon_mkdir_write_

Enables new directories by anonymous users



Allows directory messages; by default, located in .message



Activates logging of uploads and downloads


Supports data transfers through TCP/IP port 20



Allows changing the ownership of uploaded files


Sets the ownership for uploaded files



Specifies the default log for file transfers



Specifies the standard log format



Notes that sessions are timed out in 10 minutes



Notes that attempted data connections are timed out in


two minutes


Defines an unprivileged user, not included in /etc/passwd


Required for some FTP clients; enabling this option is



Enables uploads in ASCII mode; documentation suggests


this is a "terrible feature"

Table 17-7. Some vsFTP Server Configuration Commands




Enables downloads in ASCII mode; documentation


suggests this is a "terrible feature"

#ftp_banner=Welcome to

Configures a banner

blah FTP service


Can set up a list of denied anonymous e-mail addresses



Specifies file with unallowed e-mail addresses; requires





Can limit local users to their home directories


Can set up a list of users associated with chroot


If chroot_local_user=YES, users in the noted file are not


allowed to chroot


Can set up the ls -R command for subdirectories


Points to a directory that should be empty, and not


writable by the FTP user


Configures Pluggable Authentication Module (PAM)




Points to a certificate for secure connections




Notes a certificate key for secure connections



Table 17-7. Some vsFTP Server Configuration Commands {continued

FTP Client

The standard FTP client software is a basic command line, text-oriented client application that offers a simple but efficient interface. Most web browsers offer a graphical tool that can be used as an FTP client; to that end, the gFTP and KFTPgrabber tools are available from Ubuntu repositories. However, the FTP client I prefer is lftp.

Any FTP client supports views of files in a directory tree. Most FTP clients are simple. For example, you can use the ftp command to connect to a server such as as follows:

$ ftp

I prefer the lftp client, as it supports interchanges similar to those available at the command line. By default, the lftp client automatically attempts an anonymous login. It also supports command completion, which can help you access files and directories with longer names.

Most commands at the FTP prompt are run at the remote host, similar to a Telnet session. Most command line FTP clients still allow access to the local shell. From the FTP client prompt, just preface the desired local command with a bang (!) to run regular shell commands.

Continue reading here: The Network Time Protocol Service

Was this article helpful?

+1 0