How to Build a Secure FTP Server on Ubuntu with vsftpd (Beginner to Advanced Guide)

1. Introduction

Building an FTP server on Ubuntu is a highly practical solution for developers and administrators who want to efficiently transfer files. Especially when setting up a home server or a simple internal file-sharing environment, FTP (File Transfer Protocol) remains an easy-to-deploy and straightforward option.

What Is an FTP Server?

An FTP server is dedicated server software used to transfer files over the internet or a local network. Users connect to the server using an FTP client application to upload or download files.

While secure alternatives such as SFTP and SCP have become more common, FTP is still widely used due to its simplicity and lightweight nature. In restricted networks or for basic use cases, FTP continues to be a practical and effective protocol.

The Role of an FTP Server on Ubuntu

Ubuntu is one of the most popular Linux distributions and is widely used for server environments. By setting up an FTP server on Ubuntu, file sharing between multiple devices and users becomes much easier.

Typical use cases include:

• Transferring files to a web server
• Integrating with IoT devices such as Raspberry Pi
• Sharing internal company documents

The combination of Ubuntu and an FTP server enables flexible and efficient file management.

Purpose of This Article and Target Audience

This article explains how to build an FTP server on Ubuntu in a step-by-step manner that is easy to understand even for beginners. It is intended for readers who:

• Are familiar with basic Ubuntu operations but are new to FTP
• Want to build an FTP server for local or lightweight business use
• Want to understand security considerations and issues such as filename encoding

By following the steps in this guide, you will be able to build a secure and practical FTP server environment. In the next section, we will begin with installing one of the most popular FTP servers available: vsftpd.

2. Installing vsftpd

When building an FTP server on Ubuntu, the most commonly used software is vsftpd (Very Secure FTP Daemon). As its name suggests, it is designed with security in mind and is lightweight and stable, making it widely adopted in corporate and educational environments.

This section explains how to install vsftpd on Ubuntu and configure the service to start automatically.

Installing vsftpd

First, install vsftpd using Ubuntu’s package management system (APT). Run the following commands in order:

sudo apt update
sudo apt install vsftpd

• sudo apt update: Updates the package list
• sudo apt install vsftpd: Installs the vsftpd package

Once installation is complete, the vsftpd service starts automatically.

Checking the Service Status

To verify that vsftpd is installed and running correctly, use the following command:

sudo systemctl status vsftpd

If you see active (running), the FTP server is operating normally.

Enabling Automatic Startup

vsftpd is usually enabled to start automatically by default, but it is good practice to confirm:

sudo systemctl enable vsftpd

This ensures that vsftpd starts automatically after system reboots.

Do Not Forget Firewall (UFW) Settings

If UFW (Uncomplicated Firewall) is enabled on Ubuntu, you must allow FTP ports:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp

This opens FTP’s standard ports: 20 (data) and 21 (command).

After modifying firewall rules, reload UFW:

sudo ufw reload

3. Basic Configuration

After installing vsftpd, the next step is to customize its behavior by editing the configuration file. Although vsftpd offers very fine-grained control, many features are disabled by default, so you must explicitly enable the functions you need.

This section explains the most common and essential configuration options.

Location of the Configuration File

The main configuration file for vsftpd is located at:

/etc/vsftpd.conf

Edit the file using the following command:

sudo nano /etc/vsftpd.conf

After making changes, restart vsftpd to apply them:

sudo systemctl restart vsftpd

Allow Write Operations (Uploads, Deletions, Modifications)

By default, vsftpd does not allow file uploads or modifications. To enable write access, uncomment or add the following line:

write_enable=YES

This allows users to upload, delete, and modify files within their home directories.

Enable Local User Login

To allow Ubuntu system users to log in via FTP, enable the following option:

local_enable=YES

This allows users listed in /etc/passwd to log in using FTP.

Enable Directory Listing

If directory listings fail in FTP clients, verify the following settings:

listen=YES
listen_ipv6=NO

If IPv6 is disabled on your system but listen_ipv6=YES remains enabled, connection issues may occur.

Set a Login Banner (Optional)

You can display a custom message when users connect to the FTP server:

ftpd_banner=Welcome to your custom Ubuntu FTP server!

This is useful for displaying operational notices or contact information.

Enable ASCII Mode Transfers (If Required)

If you need to correctly transfer text files with different newline formats, enable ASCII mode:

ascii_upload_enable=YES
ascii_download_enable=YES

Binary mode is sufficient in most cases, but ASCII mode can be useful in specific environments.

vsftpd requires explicit permission for each capability, making configuration transparent and secure. Always restart the service after modifying the configuration file.

4. Enhancing Security

Although FTP is convenient, it does not encrypt traffic by default, which raises security concerns—especially when used over the internet. Proper security configuration is essential.

This section introduces key security measures available in vsftpd.

Restrict User Access with chroot

Allowing FTP users to access directories outside their home directory is dangerous. Use chroot to confine users to their home directories.

chroot_local_user=YES
allow_writeable_chroot=YES

• chroot_local_user=YES prevents users from accessing directories above their home directory.
• allow_writeable_chroot=YES is required when the home directory has write permissions.

Without this setting, the following error occurs:

500 OOPS: vsftpd: refusing to run with writable root inside chroot

Restrict Login Users (Whitelist)

Allowing all system users to log in via FTP increases security risk. Instead, restrict access using a whitelist.

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Add permitted users to the list:

sudo nano /etc/vsftpd.userlist

ftpuser1
ftpuser2

Only users explicitly listed can log in.

Enable Encrypted Communication with FTPS (SSL/TLS)

Standard FTP transmits credentials and data in plain text. To prevent interception, enable FTPS (FTP over SSL/TLS).

Create an SSL certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Add the following to vsftpd.conf:

ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Clients can now connect using explicit FTPS.

Disable Unnecessary Features

Disable unused features to reduce attack surface:

anonymous_enable=NO

This explicitly disables anonymous login.

5. Supporting Japanese Filenames

When transferring files via FTP, Japanese filenames may become garbled due to encoding mismatches—especially between Windows and Ubuntu.

Common Causes of Filename Encoding Issues

1. The Ubuntu locale is not set to UTF-8
2. The FTP client encoding does not match
3. vsftpd is not operating in UTF-8 mode

Verify and Configure Ubuntu Locale

locale

LANG=ja_JP.UTF-8

If UTF-8 is not enabled:

sudo update-locale LANG=ja_JP.UTF-8
source /etc/default/locale
sudo locale-gen ja_JP.UTF-8

Verify vsftpd UTF-8 Support

utf8_filesystem=YES

This option may not exist in all versions, but UTF-8 system locales usually suffice.

FTP Client Settings (FileZilla Example)

1. Open Site Manager
2. Select the server
3. Open the Charset tab
4. Enable custom charset and set it to UTF-8

6. Passive Mode and Firewall Configuration

FTP issues such as failed directory listings or stalled transfers are often caused by incorrect passive mode or firewall settings.

What Is Passive Mode?

• Active Mode: Server initiates the data connection
• Passive Mode: Client initiates all connections

Passive mode is strongly recommended for modern networks.

Enable Passive Mode in vsftpd

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

Specify External IP Address (NAT Environments)

pasv_address=203.0.113.45

Open Required Ports in UFW

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw reload

7. Per-User Configuration

In production environments, it is common to assign different permissions and directories per user.

Create Dedicated FTP Users

sudo adduser ftpuser1
sudo useradd -m -s /usr/sbin/nologin ftpuser2

Recommended Directory Structure

/home/ftpuser1/
└── files/

sudo mkdir /home/ftpuser1/files
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/files
sudo chmod 755 /home/ftpuser1

User-Specific Configuration Files

user_config_dir=/etc/vsftpd_user_conf

sudo mkdir /etc/vsftpd_user_conf
sudo nano /etc/vsftpd_user_conf/ftpuser1

local_root=/home/ftpuser1/files
write_enable=YES

8. Operation Verification

After completing all setup steps, verify that the FTP server operates correctly.

Command-Line Test

ftp localhost

ls
cd files
put test.txt
get test.txt

GUI Client Test (FileZilla)

Verify connection, directory listing, uploads, and downloads.

9. Troubleshooting

Common FTP issues and solutions include login failures, permission errors, passive mode misconfiguration, and encoding problems.

10. Conclusion

This article explained how to build a secure and practical FTP server on Ubuntu using vsftpd, covering installation, configuration, security, encoding, passive mode, user management, verification, and troubleshooting.

FAQ

Frequently asked questions about FTP server setup and operation on Ubuntu.