Enable FTP

http://lmgtfy.com/?q=ftp+server+ubuntu+11.04

Thank you.

I've hit a wall here though.

I've set up vsftpd. as instructed, but made a typo when trying to select the vsftpd.config file. I entered :

sudo vi /etc/vsftpd.config

Filetype should've been .conf not .config.

Now I'm stuck in a blank file and none of my commands are exiting me. They just keep returning me to the next line down…

How do I get out of here so I can delete the unneeded file and edit the real vsftpd.conf?

If everything is OK in that file but just the file name is wrong, rename it.

sudo mv /etc/vsftpd.config /etc/vsftpd.conf

The file was empty and I couldn't find any commands to allow me to exit. I was afraid to restart Putty because I'm new to to server management and wasn't sure if there were any processes going on in the background I would corrupt.

I finally gave up restarted Putty anyway, then returned to the correct file.

I'll delete the vsftpd.config file instead of renaming it. Don't want to overwrite my real vsftpd.conf file.

So, if I'm understanding you right, the problem is you don't know how to deal with vi?

Maybe you'd try some 'easier' text editor like Nano.

In any case, to introduce commands in vi/vim you have to type : and then whatever you need.

For instance, if you need to exit without writing anything:

:q!

Yes, you are correct. I was having troubles working with vi, or even knowing what it was for that matter. I've been following some tutorials on setting up FTP.

Been learning a lot today. Thank you for your help.

And now for the standard security disclaimer:

FTP is not secure; in the default form, it sends your username and password in the clear. It also does not verify the server's identity before sending this information. Never use FTP over wireless networks or untrusted/public wired networks. It should not be enabled on new systems without a very good reason.

An alternative is SFTP, which is built atop SSH and mitigates both of these issues (and a whole lot more; see RFC 2577). This is already set up and working on Linodes (and most servers, for that matter) out of the box. It is widely supported by dedicated FTP clients and most operating system file managers (although Windows Explorer, at last check, still doesn't).

Thanks hoopycat. I've been reading a lot today about how insecure ftp is. Though surprisingly there still seems to be more documentation on it than sftp, at least from what I've seen in my google searches.

I would much rather use the most secure option. You make it sound like configuring sftp is easier than configuring ftp.

If Linode already has it set up out the box, is there anything more to it than declaring a user, and can my users upload their files to a directory just the same as if it were through an ftp connection?

Please pardon my ignorance. I'm likely googling more questions as you're reading this.

SFTP uses the same system as SSH (in fact the full putty suite includes an sftp client), so any users will have their own folders and be able to upload files there. SFTP works out of the box like SSH, and functions the same in any FTP client without the need to install another server.

Thank you for all the prompt replies I've gotten today.

I had FTP setup on my previous server for a client that ran a nightly cron uploading 2 daily xml files. After 5 years I've never had a problem but it sounds like SFTP is the route I should take with my new Linode server.

Out of all the articles I've read, I've found a short list of steps that seems most relevant to what I want to accomplish for my Ubuntu 11.04 server.

In this example, "mark" is the user that can gain superuser rights through sudo. "peter" is the one we want to give sftp access to his personal folder, but not shell access or anything else.

I'm guessing in a fresh setup "mark" can be replaced with "root"?

I've labeled in red some things I'm not sure about:

Step 1: If it doesn't exist yet, create a group for the users you want to have sftp access only:

mark@neuskeutel:~$ sudo groupadd sftponly

Is this a username@password format?

Step 2: Add user "peter" to this group:

mark@neuskeutel:~$ sudo adduser peter sftponly

Step 3: Install openssh-server if it's not installed yet.

mark@neuskeutel:~$ sudo apt-get install openssh-server

I'm guessing I can skip this step since SSH is already installed

Step 4: Open the default OpenSSH server configuration for editing:

mark@neuskeutel:~$ sudo nano /etc/ssh/sshd_config

Step 5: Change the default sftp server from:

Subsystem sftp /usr/lib/openssh/sftp-server

to

Subsystem sftp internal-sftp

I'm reluctant to change any defauts. Is this recommended?

Step 6: Some users can only use sftp, but not other OpenSSH features like remote login. Let's create a rule for that group of users (we'll create the group afterwards). Add the following section to the bottom of /etc/ssh/sshd_config:

Match group sftponly

ChrootDirectory /home/%u

X11Forwarding no

AllowTcpForwarding no

ForceCommand internal-sftp

Step 7: Pass ownership of peter's directory you want to be sftp accessible to the superuser:

mark@neuskeutel:~$ sudo chown root.root /home/peter

This is just ensuing root has access to "mark's" folder?

Step 8: Now we change peter's home directory (normally /home/peter) to /:

sudo usermod -d / peter

Thanks in advance for any help.

I've also found this doc from the Linode library that has been helpful: http://library.linode.com/security/sftp-jails

I have my user setup and assigned to his group. Though before I assign him a directory I wanted to be sure about the syntax.

I wanted to give the user a directory with the path of /srv/www/domain.com/public_html/content/datafeeds

Do I need to specify this filepath anywhere?

@bbuster79:

Step 7: Pass ownership of peter's directory you want to be sftp accessible to the superuser:

mark@neuskeutel:~$ sudo chown root.root /home/peter

This is just ensuing root has access to "mark's" folder?
It's peter's folder. Mark is the admin (neuskeutel is the hostname).

Normally you would set a user's home directory with usermod -d but since you're using jails you could change the ChrootDirectory to whatever directory you want to grant access to. Or you could make a symlink to that directory in the user's home, like ln -s /srv/www/domain/ /home/peter/domain.