Installation
Update the package repository and install vsftpd:
sudo apt-get update
sudo apt-get install vsftpd
After installation, vsftpd creates an ftp system user by default. Set a password for this account:
sudo passwd ftp
The default home directory for this user is /srv/ftp.
Basic Configuration
Edit the vsftpd configuration file:
sudo nano /etc/vsftpd.conf
Key settings to enable:
# Allow anonymous access
anonymous_enable=YES
# Enable local user authentication
local_enable=YES
# Enable write commands
write_enable=YES
# Restrict users to their home directories
chroot_local_user=YES
# Enable chroot list
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Restart the service:
sudo service vsftpd restart
Allowing Sepcific Local Users
To permit only certain local users to access the FTP server, configure user-based access control:
userlist_deny=NO
userlist_file=/etc/allowed_users
seccomp_sandbox=NO
Create the allowed users file:
sudo nano /etc/allowed_users
Add usernames, one per line:
user1
user2
user3
These users will access /home/ftp as their root directory when connecting.
Enabling File Uploads
The anonymous ftp user cannot write to the default directory. Create a writable folder:
sudo mkdir -p /home/ftp/upload
sudo chmod -R 777 /home/ftp/upload
For local users in allowed_users, set the home root in the configuration:
local_root=/home/ftp
If users cannot upload, verify directory permissions and ensure write_enable=YES is active.
Accessing via Web Browser
Enter the following URL format in your browser:
ftp://192.168.100.91
The anonymous ftp user accesses /srv/ftp, while allowed local users access /home/ftp.
HTML Download Links with Credentials
Embed username and password directly in the URL for automated authentication:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>FTP Downloads</title>
</head>
<body>
<a href='ftp://uftp:password123@192.168.100.91:21/public/file/vsftpd.conf' download>
Download Configuration
</a>
</body>
</html>
The format is: ftp://username:password@host:port/path/filename
Using FileZilla
Connect using FileZilla client with these settings:
| Field | Value |
|---|---|
| Host | 192.168.100.91 |
| Username | ftp (or local user) |
| Password | user password |
| Port | 21 |
If uploading fails with "553 Could not create file", the target directory lacks write permissions. Upload to directories with 777 permissions instead.
Complete Configuration Example
# Listen configuration
listen=YES
# Anonymous access
anonymous_enable=YES
# Local user settings
local_enable=YES
write_enable=YES
local_umask=022
# Directory messages
dirmessage_enable=YES
use_localtime=YES
# Logging
xferlog_enable=YES
connect_from_port_20=YES
# Chroot settings
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# User restrictions
userlist_deny=NO
userlist_file=/etc/allowed_users
# Default root for allowed users
local_root=/home/ftp
# Security settings
seccomp_sandbox=NO
pam_service_name=vsftpd
secure_chroot_dir=/var/run/vsftpd/empty
# SSL configuration
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Directory Access Summary
| User Type | Access Path |
|---|---|
| Anonymous (ftp) | /srv/ftp |
| Allowed users | /home/ftp |
| Upload destination | Subdirectory with write permissions |
To change file ownership for downloaded content:
sudo chown -R username:groupname /path/to/directory
Passive Mode (Optional)
If clients behind firewalls have connection issues, enable passive mode:
pasv_enable=YES
pasv_min_port=3000
pasv_max_port=4000
Open the specified port range in your firewall to allow passive connections.