You are here: Home » Network » Administration » FTP server on the Debian

FTP server on the Debian

FTP – File Transfer Protocol – is a protocol for file transferring between client and server. It allows you to transfer files (e.g. web sites) on the server and download them from the server via the Internet. ProFTPD is a widespread, well configurable FTP server for systems based on UNIX. In this post I will describe the installation and configuration of ProFTPD application in Debian. In the following example, TLS is configured on the FTP server to  provide secure communication between FTP client (eg. FileZilla) and the FTP server – ProFTPD. The installation and configuration was done on Debian Wheezy 7.7.

Instalation

ProFTPD package is included in the default repository of Debian system and can be easily installed with the following command:

sudo apt-get install proftpd-basic

During installation, you must choose whether the FTP server is running as a service from inetd or as a standalone server in a standalone mode. In this example you can select standalone mode.

Configuration

Now I will show you how to configure ProFTPD. The configuration files are contained mainly in the /etc/proftpd/ directory, but it is not as it should be. We want to have maintained order in the system, because we use a different, more nice-looking mechanism.
Ideally, when some configuration files, particularly those defining the configuration of user accounts, indeed allocation are stored in the conf.d directory. This is very convenient, because update of the package will not change our configuration files.

For example, the file account.conf is used to adjust ProFTPD server. Now we can save the file and reset our FTP server.

$ sudo vi /etc/proftpd/conf.d/account.conf 
# Ftp user doesn't need a valid shell 
<Global> 
RequireValidShell off 
</Global> 
# If desired turn off IPv6 UseIPv6 off 
# Default directory is ftpusers home 
DefaultRoot ~ ftpuser 
# Limit login to the ftpuser group 
<Limit LOGIN> 
DenyGroup !ftpuser 
</Limit>


Encrypted by (SSL/TLS)

Encryption is extremely necessary. We do not want to logins and passwords when logging logs flew us in clear text. TLS module enables an encrypted connection to the server ProFTPD over SSL/TLS.

From what we can see by default ProFTPD supports TLS module. It is included in the configuration file /etc/proftpd/modules.conf and automatically activated. The certificate can we create ourselves, or buy a certification center, the more we recommend. Then we get two files: the certificate and key. Conf.d directory is in turn created a separate configuration file for the SSL / TLS:

$ sudo vi /etc/proftpd/conf.d/tls.conf
<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        TLSProtocol TLSv1
        TLSRSACertificateFile /etc/ssl/certs/name.crt
        TLSRSACertificateKeyFile /etc/ssl/private/name.key
        TLSVerifyClient off
        TLSRequired on
</IfModule>

Then ProFTPD will be restarted.

Create FTP users

To create FTP user must create a system user. But it is a user without a valid login shell.

$ sudo adduser account --shell /bin/false --home /var/www/html
Adding user `account' ...
Adding new group `account' (1001) ...
Adding new user `account' (1001) with group `account' ...
Creating home directory `/var/www/html' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
[...]

We can also allow anonymous access to FTP readable. To do this, edit the file:

$ sudo vi /etc/proftpd/conf.d/anon.conf
<Anonymous ~account>
        User    ftp
        Group   ftp
        # Users can also login with ftp
        UserAlias       anonymous       ftp
        # All files belong to ftp
        DirFakeUser on ftp
        DirFakeGroup on ftp
        RequireValidShell       off
        MaxClients      10
        <Directory *>
                <Limit WRITE>
                DenyAll
                </Limit>
        </Directory>
</Anonymous>

To FTP user can access the anonymous FTP area must be added to the group account:

$ sudo adduser ftp account
Adding user `ftp' to group `account' ...
Adding user ftp to group account
Done.

Comments

comments