Set up an FTP server to transfer files from a local desktop PC to a server.
What is vsFTPd
vsFTPd (very secure FTP daemon) is an FTP server that is focused on security. It is included in a default repository of Arch Linux.
Add FTP user
It is good practice to add an FTP user that is separate from other users. This user should be added to the ftp group.
$ sudo useradd -m fkenn
$ sudo passwd fkenn
$ sudo usermod -aG ftp fkenn
Install vsFTPd
Install the FTP server. I chose vsFTPd. It is included in the official repository of Manjaro Linux and is very easy to use.
$ sudo pacman -S vsftpd
Configure vsFTPd
Edit the file /etc/vsftpd.conf
$ sudo vi /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
use_localtime=NO
seccomp_sandbox=NO
The last line, seccomp_sandbox=NO, turns off vsftpd's seccomp sandbox and is required to avoid an error when connecting with the FileZilla client.
Note: If you are using local time (e.g. Asia/Tokyo), you should set “use_localtime=NO”. Otherwise, your server's file timestamps will be off from the local file timestamps.
How to enable change root
To enable change root (chroot), add the following configuration to vsftpd.conf:
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
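# chroot_local_user must be NO for chroot_list to name the users who are chrooted.
# With chroot_local_user=YES, the list instead names the users exempt from the chroot.
chroot_local_user=NO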
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
user_config_dir=/etc/vsftpd/user_config.d
Add the name of each user who should be chrooted to the /etc/vsftpd/chroot_list file.
fkenn
Add the name of each user who is allowed to access the server to /etc/vsftpd/user_list.
fkenn
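vsftpd treats chroot_list as the exceptions to whatever chroot_local_user sets, and user_list as an allow list or a deny list depending on userlist_deny. The following Python sketch is an added example, not part of the original post; it evaluates those rules for the options above, and its function names and sample input are constructed for illustration.

```python
def parse_conf(text):
    """Parse vsftpd.conf text: one 'key=value' per line, '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def flag(opts, name, default):
    """Return a boolean option, falling back to vsftpd's default when unset."""
    return opts.get(name, default).upper() in ("YES", "TRUE", "1")

def effective_access(conf_text, user, user_list=(), chroot_list=()):
    """Report whether `user` may log in and whether the session is chrooted."""
    opts = parse_conf(conf_text)
    # userlist_enable with userlist_deny=NO: only listed users may log in.
    # userlist_enable with userlist_deny=YES (default): listed users are refused.
    allowed = True
    if flag(opts, "userlist_enable", "NO"):
        listed = user in user_list
        allowed = (not listed) if flag(opts, "userlist_deny", "YES") else listed
    # chroot_local_user sets the default for every local user;
    # chroot_list_enable turns chroot_list into the exceptions to that default.
    chrooted = flag(opts, "chroot_local_user", "NO")
    if flag(opts, "chroot_list_enable", "NO") and user in chroot_list:
        chrooted = not chrooted
    return {"login_allowed": allowed, "chrooted": chrooted}

# Constructed sample input mirroring the options discussed above.
SAMPLE = """\
userlist_enable=YES
userlist_deny=NO
chroot_local_user=NO
chroot_list_enable=YES
"""

if __name__ == "__main__":
    for default in ("NO", "YES"):
        conf = SAMPLE.replace("chroot_local_user=NO", "chroot_local_user=" + default)
        print("chroot_local_user=" + default,
              effective_access(conf, "fkenn", ["fkenn"], ["fkenn"]))
```

Running it shows that a user listed in chroot_list is jailed only when chroot_local_user is NO; with YES, the same entry exempts that user from the jail.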
User specific configurations
Create a file whose name matches the chroot user’s name in the /etc/vsftpd/user_config.d directory.
$ sudo vim /etc/vsftpd/user_config.d/fkenn
local_root=/srv/http/www.example.com/
write_enable=YES
This configuration chroots fkenn to /srv/http/www.example.com/ and adds write permission on that directory.
Enable TLS
To enable TLS connection, add the following to /etc/vsftpd.conf
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/letsencrypt/live/www.example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/www.example.com/privkey.pem
Note: Here, I use Let’s Encrypt for the site’s certificate.
Enable passive mode
Active mode vs passive mode
An FTP server connection can use one of two modes: active mode and passive mode. Active mode uses port 21 on both the server side and the client side, so port 21 must be open on both. Passive mode, on the other hand, does not use a specific port range, and the client side doesn’t need to open specific ports. For this reason, passive mode is mainly used nowadays.
Enable passive mode
To enable passive mode, edit the vsftpd.conf file as shown below.
pasv_enable=YES
pasv_min_port=10090
pasv_max_port=10100
Any port range is acceptable for pasv_min_port to pasv_max_port. In this example, it is configured from 10090 to 10100.
Open the ports
$ sudo ufw allow 10090:10100/tcp
Open the port range that is specified in the configuration file.
Start and Enable FTP server
$ sudo systemctl start vsftpd
$ sudo systemctl enable vsftpd
Check the FTP server
$ ftp fkenn@192.168.10.109
Note: To log out from the server, type “quit”.
If you get the error “Failed to retrieve directory listing”
If you get the error “Failed to retrieve directory listing” when connecting to the vsFTPd server, check that you have enabled passive mode on vsFTPd and opened the ports specified in the config file.
Conclusion
Here I have shown the procedure to install and configure vsFTPd on Arch Linux. In addition, I have shown how to configure chrooting, enable TLS and set up passive mode. Now you can build an FTP server on your own.
Last Updated on February 5, 2025 by Kenn