FTP (File Transfer Protocol) is a network protocol designed to transfer files between a client and a server. Despite the emergence of more modern solutions such as SFTP and SCP, FTP is still widely used to organize simple file exchange within a network or with external users.
In this article, we will look at how to install and configure an FTP server on a Linux system using the popular vsftpd server.
Installing vsftpd
FTP can be useful in cases where it is necessary to organize centralized storage with access for different users. It is easy to configure and maintain, and is supported by most operating systems and FTP clients. In a corporate environment, FTP is often used to exchange reports, logs, and other files that do not contain sensitive information.
The most common and secure FTP server for Linux is vsftpd (Very Secure FTP Daemon). It is stable, productive and has minimal resource consumption. The package is installed via the standard package manager: apt for Debian/Ubuntu or yum/dnf for CentOS/RHEL.
apt update && apt upgrade -y &&\
apt install vsftpd -y 
And for rpm-like package managers, use:
dnf update && dnf install vsftpd -yAfter installation, the service starts automatically and can be configured via the /etc/vsftpd.conf configuration file. For example, let's set up server authentication via PAM, and also define user rights. Please note that using FTP with anonymous users is fraught with unauthorized activity:
nano /etc/vsftpd.conf Server configuration:
listen=YES
listen_ipv6=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO Where each option is:
- listen=YES - The server will not work in standalone mode (for example, it will be managed via xinetd). If YES - vsftpd will start as a standalone daemon.
- listen_ipv6=NO - Disables listening to IPv6 addresses. If YES — the server will accept connections via IPv6.
- local_enable=YES - Allows local users (system accounts) to log in.
- write_enable=YES - Allows writing (uploading, deleting, renaming files) for authorized users.
- dirmessage_enable=YES - Shows a message from the .message file when entering a directory (if such a file exists).
- use_localtime=YES - Uses the server's local time (instead of GMT) in file lists.
- xferlog_enable=YES - Enables file transfer logging (logs are usually in /var/log/vsftpd.log).
- connect_from_port_20=YES - Uses port 20 for active FTP mode (DATA connection).
- secure_chroot_dir=/var/run/vsftpd/empty - Secure isolated directory for FTP sessions (so that the user cannot go beyond their session).
- pam_service_name=vsftpd - Specifies the name of the PAM configuration for authentication (usually /etc/pam.d/vsftpd).
- rsa_cert_file=... and rsa_private_key_file=... - Paths to the SSL certificate and private key (used if TLS/SSL is enabled).
- ssl_enable=NO - Disables SSL/TLS encryption.
Then we will move on to configuring users to the PAM library configuration:
nano /etc/pam.d/vsftpd 
The list above shows that if the user's login is from the list of prohibited ones, the connection is initially denied, and then the standard UNIX authentication module is used.
You can also add your own list of users to this list. And also change/add authentication methods in the PAM config at /etc/pam.d/vsftpd. After applying all the settings, restart the service:
systemctl restart vsftpd By default, FTP does not encrypt data, including logins and passwords. To increase the security level, it is recommended to enable F support TPS (FTP Secure) is FTP over TLS. To do this, you will need to generate an SSL certificate or use an existing one. Then, in the server configuration, you need to activate SSL and specify the path to the key and certificate.
Working with FTP clients
Connection to the FTP server can be done via the command line (ftp, lftp) or using graphical clients such as FileZilla. The user only needs to know the server IP address, account name, and password.
apt install ftp -y To connect, use the command, according to the scheme ftp://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]:
ftp ftp://jhon:123321@109.207.172.55:21/
When using FTPS, you must also enable encryption on the client side, if certificates are available.
FTP remains a popular tool for file transfer, especially in local networks and when automating data exchange. Setting up an FTP server on Linux using vsftpd does not require much effort, but provides a flexible and reliable way to organize access to files. At the same time, it is important to pay attention to security and use encryption if the server operates on an open network.
