Ubuntu FTP Server Setup: A Practical Guide for File Sharing (U.S. Edition)

By 佐川 直弘 | Naohiro Sagawa (運営者)

※記事内に広告を含みます。Amazonアソシエイトとして適格販売により収入を得ています。　

1. Introduction

Setting up an FTP server on Ubuntu is a highly practical approach for developers and administrators who need to efficiently send and receive files. Especially when aiming to build a home server or a simple in-house file-sharing environment, FTP (File Transfer Protocol) stands out as a straightforward and easy-to-implement option.

What is an FTP Server?

An FTP server is a dedicated server software designed for transmitting and receiving files over the internet or a local network. Users can connect to the server using FTP client software to upload and download files.

While secure alternatives like SFTP and SCP have gained popularity in some areas, FTP remains a preferred choice for many applications due to its simplicity and lightweight nature. It continues to be a highly practical protocol, especially for use within limited networks or for basic tasks.

The Role of an FTP Server in Ubuntu

Ubuntu is a Linux distribution favored by many users and is widely used for server purposes. By building an FTP server in an Ubuntu environment, file sharing among multiple devices and users becomes easy.

It is particularly effective in cases such as:

• File transfer to web servers
• Integration with IoT devices like Raspberry Pi
• Sharing internal documents

Thus, the combination of Ubuntu and an FTP server enables flexible and efficient file management.

Purpose and Target Audience of This Article

This article will explain how to set up an FTP server on Ubuntu, providing easy-to-understand step-by-step instructions for beginners. It is specifically aimed at readers who:

• Are familiar with basic Ubuntu operations but are new to FTP.
• Want to build an FTP server for local or simple business use.
• Also want to know about important considerations such as security and garbled Japanese file names.

By following the steps introduced here in order, you will be able to build a secure and practical FTP server environment. In the next section, we will start by explaining how to install “vsftpd,” a particularly popular FTP server.

2. Installing vsftpd

When building an FTP server on Ubuntu, the most commonly used software is vsftpd (Very Secure FTP Daemon). As its name suggests, it is an FTP server with a “very secure” design philosophy. It is lightweight and stable, making it widely adopted in corporate and educational environments.

This section explains the steps to install vsftpd on Ubuntu and how to set up service startup and automatic startup.

Installing vsftpd

First, use Ubuntu’s package management system (APT) to install vsftpd. Please execute the following steps in order:

sudo apt update
sudo apt install vsftpd

• sudo apt update: Updates the package information to the latest version.
• sudo apt install vsftpd: Installs the vsftpd package.

Once the installation is complete, vsftpd will automatically start.

Checking the Service Status

To verify that vsftpd has been installed correctly and is running, use the following command:

sudo systemctl status vsftpd

If this command displays “active (running),” the FTP server is operating normally.

Checking and Enabling Automatic Startup

vsftpd is usually configured for automatic startup immediately after installation, but it’s a good idea to double-check.

sudo systemctl enable vsftpd

Executing this command ensures that vsftpd will start automatically on subsequent system boots.

Don’t Forget to Configure the Firewall (UFW)

If you have UFW (Uncomplicated Firewall) enabled on your Ubuntu system, you need to open the FTP ports.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp

This allows external access to the standard FTP ports: port 20 (data) and port 21 (command).

After setting up, reload UFW to apply the changes.

sudo ufw reload

3. Basic Configuration

Once vsftpd is installed, the next step is to customize the FTP server’s behavior to suit your needs by editing the configuration file. While the vsftpd configuration file allows for very detailed control, it has many restrictions in its initial state, so you need to explicitly enable the necessary features.

This section explains the typical basic configuration items.

Location of the Configuration File

The main configuration file for vsftpd is located at:

/etc/vsftpd.conf

To make changes to the configuration, edit the file as follows:

sudo nano /etc/vsftpd.conf

After making changes, you need to restart the vsftpd service.

sudo systemctl restart vsftpd

Allowing Write Access (for Uploads, etc.)

In the default vsftpd configuration, file uploads and modifications to the FTP server are not permitted. To allow write access, enable the following line:

write_enable=YES

This setting allows users to upload, delete, and modify files within their home directories.

Allowing Local User Logins

To allow FTP login using Ubuntu user accounts, the following setting is required:

local_enable=YES

With this setting, local users (system users) registered in /etc/passwd will be able to log in via FTP.

Enabling Directory Listing Retrieval

If the FTP client cannot retrieve a list of files and directories, check the following settings:

listen=YES
listen_ipv6=NO

Especially in environments where IPv6 is disabled, having listen_ipv6=YES can cause connection issues.

Setting a Login Banner (Optional)

You can also set a message (banner) that is displayed when connecting to the FTP server.

ftpd_banner=Welcome to your custom Ubuntu FTP server!

This can be useful in business contexts to convey contact information or important notices to users.

Allowing ASCII Mode Transfer (If Necessary)

If you need to correctly transfer specific text files (e.g., scripts containing Windows line breaks), configure the following:

ascii_upload_enable=YES
ascii_download_enable=YES

Usually, binary transfer is sufficient, but consider enabling this depending on your environment.

Thus, the basic configuration of vsftpd is characterized by explicitly specifying “what is allowed.” After editing the configuration file, be sure to restart the vsftpd service to apply the changes.

The next section will delve into more advanced security settings. Security measures are indispensable, especially when operating an FTP server on a public network.

4. Enhancing Security

While FTP is a convenient protocol, its characteristic of transmitting data without encryption raises security concerns. Especially when operating over the internet, robust security settings are essential.

This section introduces typical security measures that can be implemented with vsftpd.

Restricting User Access Range with chroot

Allowing FTP users to access directories other than their own is highly risky. Therefore, it is crucial to configure chroot, which confines each user to their home directory.

Enable the following two settings:

chroot_local_user=YES
allow_writeable_chroot=YES

• chroot_local_user=YES prevents local users from navigating above their home directory.
• allow_writeable_chroot=YES is a setting to relax vsftpd’s security restrictions and is necessary when the home directory has write permissions.

* Without this, you will encounter the error “500 OOPS: vsftpd: refusing to run with writable root inside chroot”.

Limiting Accessible Users

Allowing all local users to log in to FTP can lead to unexpected information leaks. Therefore, control FTP-accessible users using a whitelist approach.

First, add the following settings to vsftpd.conf:

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Next, list the users you want to allow to log in, one per line, in the /etc/vsftpd.userlist file.

sudo nano /etc/vsftpd.userlist

(Example)

ftpuser1
ftpuser2

With this configuration, only users explicitly listed will be able to log in.

Implementing Encrypted Communication with FTPS (SSL/TLS)

Standard FTP transmits data in plain text, posing a risk of eavesdropping on IDs, passwords, and data. To avoid this, use FTPS (FTP over SSL/TLS) to encrypt the communication.

First, create an SSL certificate (or use an existing one).

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Next, add the followingsettings to vsftpd.conf:

ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Now, you can connect using “FTPS (Explicit SSL)” on the FTP client side.

Disabling Unnecessary Features

To enhance security, it is also important to actively disable features that are not used.

Example:

anonymous_enable=NO

This disables anonymous user logins (it’s disabled by default, but explicitly setting it provides extra security).

With these settings, the vsftpd FTP server on Ubuntu will have basic security measures in place.
Especially when used over the internet, implementing FTPS is essential.

The next chapter will explain in detail how to handle garbled Japanese file names. This is an often-overlooked point in FTP operation but is crucial for preventing problems.

5. Handling Japanese File Names

When sending and receiving files using FTP, you may encounter the issue of Japanese file names becoming garbled. This is especially common when exchanging files between Windows and Ubuntu via FTP, where encoding mismatches can lead to “???” or unintelligible strings.

This section introduces measures to prevent garbled Japanese file names in vsftpd.

Main Causes of Garbled Characters

Garbled Japanese file names mainly occur due to the following three factors:

1. Ubuntu’s locale setting is not UTF-8.
2. The FTP client’s encoding setting is incorrect.
3. vsftpd is not operating with UTF-8 support.

It is important to check and adjust these in order.

Checking and Setting Ubuntu’s Locale

First, confirm that the character encoding on the Ubuntu side is UTF-8. Display the current locale using the following command:

locale

Example output:

LANG=ja_JP.UTF-8

If LANG or LC_ALL is not set to UTF-8, change and reconfigure it as follows:

sudo update-locale LANG=ja_JP.UTF-8
source /etc/default/locale

Also, generate the locale if necessary:

sudo locale-gen ja_JP.UTF-8

This will unify the file name processing within the server to UTF-8.

Checking vsftpd’s UTF-8 Setting

vsftpd supports UTF-8 by default, but it’s good to confirm the following setting just in case:

utf8_filesystem=YES

Even if this setting item does not exist, there should be no particular problem if the system is operating in UTF-8. However, this item may not be supported in some versions of vsftpd.

FTP Client Settings (FileZilla Example)

The FTP client’s settings are also extremely important. For example, when connecting using FileZilla, configure it as follows:

1. Open the Site Manager.
2. Open the settings for your connection.
3. Select the “Charset” tab.
4. Select “Use custom charset” and enter UTF-8.

This setting allows the client to correctly interpret the server’s file names as UTF-8, preventing garbled characters.

Note on Uploading from Other OSs

When uploading files created on Windows, etc., if the system uses a different character encoding such as Shift_JIS, the file name may be corrupted at the time of upload.

In such cases, it is safer to convert the file name to UTF-8 before uploading. You can use tools like convmv on the command line.

Summary

When handling Japanese file names with FTP, the key is that the character encoding on both the server and the client must match. On Ubuntu, setting UTF-8 as the standard and explicitly specifying UTF-8 on the FTP client side can prevent most character garbling issues.

The next chapter will explain passive mode and firewall settings. These are important configurations to avoid connection problems, especially when using FTP through a router or in a cloud environment.

6. Passive Mode and Firewall Configuration

One common issue when operating an FTP server over the internet or in a NAT environment (behind a router) is the phenomenon of “connection successful but unable to retrieve file list” or “data transfer fails.”
Many of these issues are caused by incorrect FTP operation mode (active/passive) and firewall settings.

This section explains how to enable passive mode in vsftpd and configure the necessary ports in the firewall.

What is Passive Mode?

FTP has two communication modes: “active mode” and “passive mode.”

• Active Mode: The server attempts to establish a connection to the client.
• Passive Mode: Communication is completed with connections only from the client to the server (more robust for communication across NAT and firewalls).

In modern network environments, passive mode is recommended. You need to explicitly configure passive mode settings in vsftpd.

Enabling Passive Mode in vsftpd

Add or edit the following settings in /etc/vsftpd.conf:

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

This configures vsftpd to operate in passive mode and use ports 40000 to 50000 for data transfer. This range is arbitrary, but it is common to reserve about 20-30 ports.

Specifying the External IP Address (for NAT Environments)

If the server is in a NAT environment, such as behind a router, you need to explicitly specify the globally visible external IP address so that clients can connect correctly.

pasv_address=203.0.113.45

* The above IP address is an example. Please replace it with your actual global IP address.

With this setting, the FTP client can attempt a data connection based on the correct address information sent by vsftpd.

Firewall (UFW) Configuration

Open the ports used by vsftpd in the Ubuntu firewall (UFW). Execute the following commands:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp

• 20/tcp: FTP data channel (for active mode)
• 21/tcp: FTP command channel (login and command transmission)
• 40000:50000/tcp: Port range for passive mode data transfer

After setting up, reload UFW to apply the changes.

sudo ufw reload

Points to Note in Cloud Environments (AWS, GCP, Azure, etc.)

When operating FTP on a cloud instance, you need to open the same ports not only in the OS-level UFW but also in the cloud provider’s security group (firewall).

Example: For AWS
→ Allow TCP ports 21 and 40000-50000 in the Security Group.

Summary

To operate FTP practically, configuring vsftpd’s passive mode and opening ports according to your network environment are essential. Especially when connecting from an external network, many communication failures and timeouts are caused by these settings.

The next chapter explains how to set individual access permissions and directory restrictions for each FTP user. This will be useful for multi-user operation and permission management.

7. Per-User Configuration

When using an FTP server in a real operational environment, there are many cases where you want to assign different access permissions and directories to multiple users. For example, you may need to set up dedicated folders for each department or individual user, or restrict access to other users’ files.

This section introduces how to manage settings on a per-user basis in vsftpd.

Creating Dedicated FTP Users

First, create dedicated user accounts for FTP. It is common to create new users with specified home directories.

sudo adduser ftpuser1

This command creates a dedicated directory at /home/ftpuser1. If you only use it for FTP purposes, you can restrict login by disabling the shell.

sudo useradd -m -s /usr/sbin/nologin ftpuser2

Setting Home Directory Permissions

Due to vsftpd’s security specifications, “writable chroot directories” are not allowed for FTP home directories. Therefore, the following configuration is recommended:

/home/ftpuser1/
├── files/  ← Allow write access (for uploads, etc.)

Adjust the permissions as follows:

sudo mkdir /home/ftpuser1/files
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/files
sudo chmod 755 /home/ftpuser1

This creates a secure configuration where the root directory (/home/ftpuser1) is not writable, but uploads are possible to the files/ subdirectory.

Fixing Users to Directories with chroot

By setting chroot_local_user=YES, as introduced in the previous chapter, you can prevent FTP login users from accessing directories above their home directory.

chroot_local_user=YES
allow_writeable_chroot=YES

This setting helps prevent accidental viewing or modification of other users’ areas.

Using Per-User Configuration Files (Detailed Control)

vsftpd also has a feature to apply individual settings for each user. This allows you to finely control policies such as access restrictions, logging, and connection times.

First, configure as follows:

user_config_dir=/etc/vsftpd_user_conf

Next, create individual configuration files in the specified directory.

sudo mkdir /etc/vsftpd_user_conf
sudo nano /etc/vsftpd_user_conf/ftpuser1

Example:

local_root=/home/ftpuser1/files
write_enable=YES

This allows you to limit ftpuser1‘s root directory to /home/ftpuser1/files and separate write permissions from other users.

Points to Note When Using SFTP Together

If you are using SFTP (SSH-based FTP), which uses OpenSSH features, in addition to vsftpd, it is recommended to manage the configurations separately because user shells and group affiliations may differ.

Summary

vsftpd allows flexible directory control and access permission settings for each user. Appropriate user management enables a balance between security and convenience.

The next chapter explains how to check the operation of the FTP server. Let’s actually connect from a client and verify that file uploads and downloads can be performed normally.

8. Operation Confirmation

So far, you have completed the installation, configuration, and user management of the FTP server. The final important step is to verify that the FTP server is actually operating correctly.
This section introduces how to check the connection using the local environment and an FTP client.

Local Environment Connection Check (Command Line)

To test if you can connect to the FTP server from Ubuntu itself, use the ftp command. Try connecting as follows:

ftp localhost

When the login prompt appears, enter the FTP username and password you created earlier.

Name (localhost:username): ftpuser1
Password: ********

After logging in, you can try basic operations with commands like:

ls          # Display file list
cd files    # Change directory
put test.txt  # Upload a file
get test.txt  # Download a file

If it works successfully, the FTP server has been built without any problems.

* Note: In recent versions of Ubuntu, the ftp command is deprecated, so you can install and use clients like lftp or ncftp as alternatives.

Connection Confirmation from GUI Client (FileZilla Example)

For general users and verifying complex directory structures, a GUI FTP client such as FileZilla is convenient. The setup procedure is described below.

Connection Procedure with FileZilla:

1. Launch FileZilla and open the “Site Manager.”
2. Create a “New Site.”
3. Enter the following:

4. Click the “Connect” button.

If the file list and directory structure are displayed after connection, it is successful. Try upload/download operations as well.

Common Problems and Checkpoints During FTP Connection

Checking the Status with Log Files

If the problem persists, checking the vsftpd log file can help identify the cause.

cat /var/log/vsftpd.log

For other system-level logs, use the following:

sudo journalctl -u vsftpd

This information makes it easier to understand “when,” “who,” “what they did,” and “where the failure occurred.”

Other Tips

• If the connection is unstable: Suspect the client-side firewall or antivirus blocking the connection.
• Restrictions due to enhanced security: SELinux or AppArmor might be interfering (AppArmor is often enabled on Ubuntu).

Summary

Common patterns exist for errors that tend to occur during FTP operation. By calmly checking each point and verifying the configuration file, users, firewall, and logs, most problems can be resolved.

The next chapter will explain in detail common problems that occur during FTP operation and how to resolve them. Knowing how to handle errors will significantly improve your ability to respond during actual operation.

9. Troubleshooting

Even after the FTP server setup is complete, various errors and malfunctions may occur during actual operation. In particular, issues with network configuration, permission settings, and restrictions due to security settings can lead to problems such as inability to connect or failure to transfer files.

This section introduces common errors and their solutions on a case-by-case basis. It is organized to help beginners easily identify the cause and recover quickly.

Common Errors and Troubleshooting Methods

Error: 530 Login incorrect

Cause:

• Incorrect username or password.
• The user is not registered in /etc/vsftpd.userlist (when using a whitelist).

Solution:

• Double-check the entered information.
• If userlist_deny=NO is set, add the user you want to allow to log in to /etc/vsftpd.userlist.

Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

Cause:

• The home directory is writable while the chroot function is enabled.

Solution:

• Add the following to vsftpd.conf:

allow_writeable_chroot=YES

• Alternatively, do not grant write permissions to the home directory, and instead configure write permissions for a subdirectory such as files/.