How to Set Up an FTP User on Ubuntu (vsftpd)
Step-by-step guide to installing and configuring vsftpd on Ubuntu, creating a restricted FTP user, and opening firewall ports.
How to Set Up an FTP User on Ubuntu (vsftpd)
This guide walks through installing vsftpd, configuring secure access, creating a restricted FTP user, and opening the necessary firewall ports. The configuration chroots users into their home directory and restricts access to a specific folder.
1) Install an FTP Server (vsftpd)
sudo apt update
sudo apt install vsftpd
2) Backup Default Configuration
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
3) Edit vsftpd Configuration
Open the configuration file:
sudo nano /etc/vsftpd.conf
Add or ensure the following settings (uncomment or append if missing):
# Enable local users and chroot them
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
# Optional: Passive mode for firewall/NAT friendliness
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
# Disable anonymous access
anonymous_enable=NO
# Restrict access to specific users in a whitelist
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
# Allow uploads/writes
write_enable=YES
Save and exit.
4) Create FTP User and Set Permissions
Create the dedicated user (replace ftpuser if you prefer another name):
sudo adduser ftpuser
Set the user's home directory to the target folder (example: /var/www/html/batchingPlant):
sudo usermod -d /var/www/html/batchingPlant ftpuser
Adjust ownership and permissions so the user can access and (optionally) upload:
sudo chown ftpuser:ftpuser /var/www/html/batchingPlant
sudo chmod 755 /var/www/html/batchingPlant
Whitelist the user in vsftpd:
echo "ftpuser" | sudo tee -a /etc/vsftpd.userlist
Restart the service:
sudo systemctl restart vsftpd
5) Configure the Firewall
If UFW is enabled, allow FTP and the passive port range:
sudo ufw allow 21
sudo ufw allow 40000:50000/tcp
sudo ufw reload
Optional: SELinux/AppArmor and NAT Notes
- If using AppArmor or SELinux, ensure vsftpd has permissions for the directory.
- If behind NAT or a cloud provider, map and open the passive port range on your router/security group.
- Some clients require explicit FTP over TLS; consider enabling
ssl_enable=YESand configuring certs for production use.
Verification
- Connect with an FTP client (e.g., FileZilla) using the server IP, port 21, and
ftpusercredentials. - You should land in
/var/www/html/batchingPlant, with access restricted to that directory.
You're all set with a secure, restricted FTP user on Ubuntu.
Post Details
Navigation
Related posts
Ubuntu Server Best Practices: Create 'ubuntu' User, SSH Keys, Disable Root Login
Harden an Ubuntu server by creating a non-root user with SSH key-based access, disabling root login, and configuring sudo privileges.
Read more →Automated MongoDB Backup to S3 with Shell Script on Ubuntu
Learn how to create an automated MongoDB backup system using shell scripts that dump databases, compress them, and upload to AWS S3 with automatic cleanup.
Read more →Deploy Next.js on Ubuntu with Git, PM2, Nginx, and Certbot
Production-ready guide to deploy a Next.js app on Ubuntu using Git for code, PM2 for process management, Nginx as reverse proxy, and Certbot for HTTPS.
Read more →