How to install vsftpd on Ubuntu 14.04 on a DigitalOcean droplet


Ok, as for me I don’t like ftp since I’ve discovered ssh. But not all of my customers have discovered ssh and most of them never will. So when I ask my customers to move to DigitalOcean hosting I probably should provide ftp access to their sites.

So one day I decided to install ftpd on my $5/month DigitalOcean droplet (worth every penny, I might add).

The DigitalOcean instruction was pretty straightforward:
install vsftpd, uncomment a pair of strings in config, restart service
and you are good to go!

“Not so fast”, said my inner paranoid, and was right…

Let’s begin with what we want. We definitely do not want to provide root ftp access to our precious server. So perhaps we need a user account with ftp access caged in its home directory.

Step 1. Install server.
Well that is obvious:

sudo apt-get install vsftpd

Step 2. Configure server
Now, open /etc/vsftpd.conf:

sudo nano /etc/vsftpd.conf

Set/uncomment the following params as shown below:

local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES

Step 3. Restart ftp server
Restart the ftp server so the new settings are picked up:

sudo service vsftpd restart
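
To confirm on the server itself that the Step 2 values are the active ones, rather than trusting what an ftp client displays, here is an added example that is not part of the original post: a shell check that reads a vsftpd.conf and compares it with Step 2. The function names and the VSFTPD_CONF variable are made up for this example, and the demo input is a constructed sample.

```sh
#!/bin/sh
# Print the active value of option $2 in file $1; fail if it is not set.
# Lines starting with '#' are comments. If an option is repeated, the last
# occurrence is reported (assumption: the file is applied top to bottom).
conf_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }
        /^#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# List lines with whitespace next to '=' (vsftpd rejects those).
spaced_lines() {
    grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$1"
}

# Compare file $1 with Step 2. Prints one line per option and returns the
# number of findings (0 means every value matches).
check_step2() {
    bad=0
    for want in local_enable=YES write_enable=YES chroot_local_user=YES \
        chroot_list_enable=NO chroot_list_file=/etc/vsftpd.chroot_list \
        allow_writeable_chroot=YES; do
        key=${want%%=*}
        if ! got=$(conf_value "$1" "$key"); then
            echo "missing  $key (commented out or absent)"; bad=$((bad + 1))
        elif [ "$got" != "${want#*=}" ]; then
            echo "differs  $key=$got (Step 2 sets ${want#*=})"; bad=$((bad + 1))
        else
            echo "ok       $key=$got"
        fi
    done
    if spaced_lines "$1"; then
        echo "fix the line(s) above: no spaces around '='"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Demo on a constructed sample, not a real server's file. Set VSFTPD_CONF
# (a variable name made up for this example) to check /etc/vsftpd.conf.
demo=$(mktemp)
printf '%s\n' '#local_enable=YES' 'write_enable=YES' 'chroot_local_user = YES' \
    'chroot_list_enable=NO' 'chroot_list_file=/etc/vsftpd.chroot_list' \
    'allow_writeable_chroot=YES' > "$demo"
check_step2 "${VSFTPD_CONF:-$demo}" || echo "$? finding(s) to review"
rm -f "$demo"
```

On the constructed sample it reports local_enable as missing (still commented out) and flags the chroot_local_user line for the spaces around '='.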

For the hasty ones, that’s it!

For the nerds like me, a few explanations.
Grab the link for vsftpd.conf detailed description.

local_enable=YES

This enables local Linux users to log in by ftp using their Linux credentials.

write_enable=YES

This lets ftp users upload data, not only download it.

chroot_local_user=YES
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd.chroot_list

And this is my favorite part. It defines what ftp users will see as their root folder. I’ve spent an hour figuring out how it works, due to the fact that my ftp client cached the results and I thought that those options did not work!

The table below shows which folder an ftp user will see as the root folder:

Settings                                       | Users who ARE in vsftpd.chroot_list | Users who ARE NOT in vsftpd.chroot_list
chroot_local_user=NO, chroot_list_enable=NO    | Server root folder: /               | Server root folder: /
chroot_local_user=YES, chroot_list_enable=NO   | Home folder: /home/_username_/      | Home folder: /home/_username_/
chroot_local_user=NO, chroot_list_enable=YES   | Server root folder: /               | Home folder: /home/_username_/
chroot_local_user=YES, chroot_list_enable=YES  | Home folder: /home/_username_/      | Server root folder: /

That’s all folks!

Just one little bonus that I found when figuring out how these chroot_* options work. If you want to trap your users inside their home folder not only by ftp but by ssh as well, here’s the magic spell (imagine you have the user madmax):

usermod -s /bin/rbash madmax

Here’s the link on what’s going on here. And if you want to undo the spell:

usermod -s /bin/bash madmax