If you want people to upload and download files from your Linux server, the best way to go about this is to set up an FTP server. Using this, you can configure it to allow or disallow anonymous connections, set a file size limit, restrict the directories they can access, etc. If you have a hosting account with cPanel access, this is easy as pie. However, in this tutorial, I’m going to focus on setting up an FTP server entirely through the command line on Linux. So let’s get started.
Choosing an FTP Server
Two of the most famous FTP servers are “vsftpd” and “Pure-FTPd.” While the former seems to be more prominent, I prefer the latter for one main reason.
Virtual Users: First, it’s a good practice to create “virtual users” for your FTP accounts. It means that the users don’t exist on the Linux server – they are specific to the FTP functionality. This avoids a host of problems involving security and permissions. You don’t have to worry about loopholes allowing system users to “break out” of their FTP folder for example. Pure-FTPd uses virtual users right out of the box and requires minimal additional configuration to get them to work correctly. With vsftpd, on the other hand, I find the process of creating virtual users a bit more complicated.
So for this tutorial, I’m going to use Pure-FTPd with virtual users.
Step 1: Install the Requisite Repos for CentOS/RedHat
The Pure-FTPd package on Linux is available to your CentOS/RedHat/rpm package manager as long as it has the “Extra Packages for Enterprise Linux” (EPEL) repositories available. By default, your Linux installation might not have these packages. So to make them available, type the following commands into your terminal for CentOS 7.
mkdir /root/temp
cd /root/temp
rpm --import https://muug.ca/mirror/fedora-epel//RPM-GPG-KEY-EPEL-7Server
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
rpm -ivh epel-release-7-8.noarch.rpm
Ubuntu and Debian-based installations should have the repos already installed. With EPEL added, CentOS will know where to find the packages you need. It’s an excellent repo to have in general, and has a ton of useful stuff!
Step 2: Remove all Old FTP Programs
If you’ve tried to use other FTP programs before Pure-FTPd, now’s the time to remove them all. It’s important because you don’t want the two conflicting with each other and battling for port 21 – the default port for FTP. Sometimes even after you uninstall a package, it can still cause problems and requires you to kill the process manually.
To see if there’s any other FTP program causing issues, use the following command:
ss -pl sport = :ftp
This command lists the listening sockets on the FTP port (“ftp” resolves to port 21) together with the process that owns each one, so the results will tell you if you have another FTP program running. If so, you can find the process ID using:
ps -A|grep vsftp
Here, replace vsftp with the name of the FTP program you got in the first command. Once you know the process ID, you can kill it with:
kill -KILL PID
Replace PID with the process ID you got in the second command. Once again, make sure it’s uninstalled using your package manager, and it’s time to install Pure-FTPd!
Step 3: Install Pure-FTPd
Installing Pure-FTPd is as simple as running the install command for your particular distribution. On CentOS:
yum install pure-ftpd
On Ubuntu/Debian:
apt-get install pure-ftpd
Step 4: Configuring Pure-FTPd to Work with Virtual Users (and other modifications)
The configuration for Pure-FTPd lives in the file “/etc/pure-ftpd/pure-ftpd.conf”. So the first thing we’re going to do is to edit it using the command:
If you prefer, you can use any other command-line text editor. To enable virtual users, here’s what you need to do:
Put a “#” in front of the line containing: “PAMAuthentication yes.” Like this:
Enable the PureDB functionality by REMOVING the “#” in front of the line “PureDB”:
This parameter sets up virtual users. While you are in the file, also disable anonymous users (for safety reasons) by making sure that the “NoAnonymous” directive is set to “yes.”
There are a ton of other configuration options here that you can use to configure Pure-FTPd. I suggest you go through all of them, just so you get an idea of what it’s capable of, and what you can change. It is also strongly recommended to install a firewall such as CSF which will go through your configuration files and suggest some modifications to make your FTP server safer.
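To confirm the Step 4 edits actually took effect, the check below reads the configuration file and flags each of the three settings discussed above. It is an added example, not part of the original tutorial or of Pure-FTPd; the function names are made up for this example and it assumes the "Directive value" line format shown in this step.

```shell
#!/bin/sh
# Added example: audit pure-ftpd.conf for the three Step 4 settings.
# Function names are hypothetical; directive names come from the tutorial.

# Print the value of the first active (uncommented) occurrence of a directive.
active_value() {
    # $1 = directive name, $2 = config file
    awk -v key="$1" '
        /^[[:space:]]*#/ { next }       # ignore commented-out lines
        $1 == key { print $2; exit }
    ' "$2"
}

# Print one line per finding; return 0 only when nothing is flagged.
audit_pureftpd_conf() {
    conf=$1
    findings=0
    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf"
        return 2
    fi
    if [ "$(active_value PAMAuthentication "$conf")" = "yes" ]; then
        echo "FAIL: PAMAuthentication is active; system accounts can log in over FTP"
        findings=$((findings + 1))
    fi
    if [ -z "$(active_value PureDB "$conf")" ]; then
        echo "FAIL: PureDB is commented out or missing; virtual users will not work"
        findings=$((findings + 1))
    fi
    if [ "$(active_value NoAnonymous "$conf")" != "yes" ]; then
        echo "FAIL: NoAnonymous is not set to yes; anonymous logins are not disabled"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: $conf matches the Step 4 settings"
    [ "$findings" -eq 0 ]
}

# Audit the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_pureftpd_conf "$1"
fi
```

Run it as root against /etc/pure-ftpd/pure-ftpd.conf after every edit to the file; a non-zero exit status means at least one setting is not as described in this step.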
Step 5: Configure the Service to Start on Boot
Now we need to start the service and configure it to switch on at boot. Use the following commands to do that:
service pure-ftpd start
chkconfig pure-ftpd on
Now we get to the meat of the tutorial – setting up virtual users!
Step 6: Adding a “Default” User and Group
For smooth functioning, Pure-FTPd requires you to create a default user and group with no special permissions or even a password. We’re going to call this “dummyftpuser” and “dummyftpgroup.” Here are the commands:
Set up a dummy group:
Set up a dummy user in the dummy group:
useradd -g dummyftpgroup dummyftpuser
Now we have a user called “dummyftpuser” belonging to the group “dummyftpgroup.”
Step 7: Create the FTP Directory
Depending on your configuration in the “/etc/pure-ftpd/pure-ftpd.conf”, FTP directories might be automatically created. But let’s create them manually. I want all my FTP activity to take place in a designated folder at “/home/ftp.” Use the following command to create it:
In the “/home/ftp” directory, I will have a separate folder for each new user. By default, all FTP users are restricted to their folders and can’t navigate higher than their root directory. This method is called “chrooting,” and is enabled by default in Pure-FTPd.
Step 8: Create a Virtual User
To create a virtual user, we only need the name. In this tutorial, I’ll create a user called “testftpuser.” This virtual user will be assigned to the “dummyftpuser” system account we created in Step 6. Also, based on Step 7, we will assign a folder called “/home/ftp/testftpuser” as their root directory. Use the following command:
pure-pw useradd testftpuser -u dummyftpuser -d /home/ftp/testftpuser
The “-u” and “-d” options specify the associated system account and the home directory, respectively. You’ll be asked for a password and its confirmation.
Next, we need to create the above directory manually and give our user/group ownership permissions via:
mkdir /home/ftp/testftpuser
chown -R dummyftpuser:dummyftpgroup /home/ftp/testftpuser
To avoid repetitive work, you can run the “chown” command on the FTP directory (/home/ftp) itself, and set the user root directories to be created automatically in the configuration file.
Once the above user has been added, we rebuild the puredb using the following command:
And we’re done!
You might get the following error while creating a virtual user.
You must give (non-root) uid and gid
In which case, you can specify the UID (user ID) and GID (group ID) of the dummy accounts using the “-u” and “-g” options. You can get both these numbers using the following command:
Here “dummyftpuser” refers to the system account we created in Step 6. You’ll get an output like this:
Just plug these numbers into the command creating virtual users.
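Steps 7 and 8 can be wrapped into one repeatable routine that always passes numeric IDs, which sidesteps the uid/gid error above. This is an added example, not part of the original tutorial: FTP_ROOT, DRY_RUN and the function names are assumptions of this sketch, and it relies on the "-m" option of pure-pw to rebuild the PureDB file after the change.

```shell
#!/bin/sh
# Added example: provision one Pure-FTPd virtual user (Steps 7 and 8).
# FTP_ROOT, DRY_RUN and the function names are chosen for this example.
FTP_ROOT=${FTP_ROOT:-/home/ftp}
DRY_RUN=${DRY_RUN:-1}       # 1 = only print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

add_virtual_user() {
    login=$1
    sysacct=$2
    # Reject names that could escape FTP_ROOT or be parsed as an option.
    case $login in
        ''|-*|*[!a-z0-9_-]*) echo "invalid login: $login" >&2; return 1 ;;
    esac
    # Numeric IDs avoid "You must give (non-root) uid and gid".
    uid=$(id -u "$sysacct") || return 1
    gid=$(id -g "$sysacct") || return 1
    if [ "$uid" -eq 0 ] || [ "$gid" -eq 0 ]; then
        echo "refusing to map $login to uid/gid 0" >&2
        return 1
    fi
    home="$FTP_ROOT/$login"
    run mkdir -p "$home" || return 1
    run chown "$uid:$gid" "$home" || return 1
    # -m updates the PureDB file, so no separate rebuild is needed.
    run pure-pw useradd "$login" -u "$uid" -g "$gid" -d "$home" -m
}

# Usage: script.sh LOGIN SYSTEM_ACCOUNT  (e.g. testftpuser dummyftpuser)
if [ "$#" -eq 2 ]; then
    add_virtual_user "$1" "$2"
fi
```

With the default DRY_RUN=1 the script only prints the commands it would run; set DRY_RUN=0 and run it as root to apply them.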
Step 9: Accessing our FTP Account
Using an FTP program (or even the browser), you can now log in through FTP. I use the free WinSCP program on Windows. Here is what the configuration looks like:
You can see that the connection is successful here:
And that’s all there is to it. Now you need to create more virtual users and modify the configuration file to suit your needs and the security requirements of your environment!