If you ever wondered how to create an FTP user and then restrict them to a certain directory in Ubuntu 16.04, this guide is for you. This guide works especially well with the following: Ubuntu 16.04, Amazon Web Services (AWS) – EC2.
Open a terminal and run the following commands in order.
You first want to make sure your ports are open in your security group for your server in AWS – EC2.
If not, you will need to add two Custom TCP rules:
Custom TCP Rule: 20-21
Custom TCP Rule: 1024-1048
Then save the rules.
We will then create FTP users.
We first want to create an FTP user:
sudo adduser yourftpuser
If you want, you can change the home directory of the user:
sudo usermod -d /your/path/for/the/user yourftpuser
You can also change the home directory by editing a file:
sudo nano /etc/passwd
Then find the user's line and change the home directory field to whatever you like, leaving the other fields as they are (something like this):
yourftpuser:x:1001:1001:,,,:/your/path/for/the/user
Next, you want to log in as root:
sudo -i
You then want to update the repositories.
apt-get update
After that, you want to install vsftpd:
apt-get install vsftpd
Create a backup of your vsftpd file:
cp /etc/vsftpd.conf /etc/vsftpd.conf.backup
You can then edit the vsftpd.conf file with nano or vi:
nano /etc/vsftpd.conf
or
vi /etc/vsftpd.conf
Then you want to edit or uncomment the following lines so that the final result looks like this:
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=ftp
and you want to add the following lines (the passive port range must match the 1024-1048 rule you opened in the security group):
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
You then want to restart vsftpd for the changes to take effect:
systemctl restart vsftpd
or
/etc/init.d/vsftpd restart
You can now try to log into your server using FTP (port 21) via your favorite FTP client, such as FileZilla.
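If the login or the directory listing fails, it helps to confirm that the file really contains the values from this guide. The script below is an added example, not part of the original guide; the function names conf_get and check_vsftpd_conf are made up for it, and it assumes that a later uncommented line overrides an earlier one for the same key.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values used in this guide.

# Print the effective value of KEY in FILE (last uncommented KEY=VALUE line;
# assumption: a later line overrides an earlier one).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Compare FILE with the guide's settings; print each mismatch and
# return the number of mismatches (0 means the file matches the guide).
check_vsftpd_conf() {
    file=$1
    bad=0
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                chroot_local_user=YES pam_service_name=ftp \
                allow_writeable_chroot=YES pasv_enable=YES \
                pasv_min_port=1024 pasv_max_port=1048; do
        key=${want%%=*}
        got=$(conf_get "$key" "$file")
        if [ "$got" != "${want#*=}" ]; then
            echo "MISMATCH $key: expected '${want#*=}', found '${got:-<unset>}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample (not a real server's file): anonymous login was left
# enabled and pasv_max_port is missing, so two mismatches are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#anonymous_enable=NO
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=ftp
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=1024
EOF
check_vsftpd_conf "$sample" || echo "$? setting(s) differ from the guide"
rm -f "$sample"
```

On the server itself, run check_vsftpd_conf /etc/vsftpd.conf after editing the file and before restarting vsftpd.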
Good luck, and happy coding and working with servers!