Firstly; let me stress that you should really try and avoid using FTP. It’s an old protocol, it’s not secure – and by default the SSH support on the Pi should be sufficient for all your needs. On Windows, you can use WinSCP to get you an FTP-like UI to transfer files too/from the Pi.
However; this guide explains how to set up basic FTP access – which I personally use on a Raspberry Pi file server, which my multi-function network printer sends scans to. So my FTP server is locked down to internal access only, and doesn’t allow for access across the web. You should see my guide to configuring iptables on how to lock down FTP on the Pi.
So you’re ready to install an FTP daemon? I use VSFTPD (or ‘Very Secure FTP Daemon’) – so enter the command:
~# sudo apt-get install vsftpd
Create an FTP user
In my case, I want my printer to access the FTP server – so I create a dedicated printer user.
~# sudo adduser printer
You’ll be prompted for the password for the new account, and then additional account details (you can leave this blank, or fill in).
Edit the VSFTPD config with:
~# sudo nano /etc/vsftpd.conf
Find and uncomment the following lines:
If you plan on just using the FTP account for one user (as in my use-case), consider uncommenting:
Alternatively leave the above two lines commented, if you’re going to have multiple FTP users.
A quick tip on Security
If you are new to security on Linux and allowing remote access, you need to understand a very important concept – that of jailing users.
By default with most Remote Daemons on Linux (FTP, SSH, SCP etc) – the user connecting remotely can have access to the entire system. You don’t really want this – not unless you REALLY trust the person you’re allowing remote access to.
So you need to learn about ‘jailing’ users – locking their sessions into certain folders where they cannot navigate out of. If you have used online web hosting solutions you may not realise that you have encountered this already – on a shared web hosting solution, it is very rare to be able to see other users on the same shared web host. That’s because your user session is jailed to your own directories on the shared server.
VSFTPD allows you to do some basic jailing with the following option enabled:
You should do more reading on this topic yourself so that you fully understand it.
Add the following to the end of the config file:
The “allow_writeable_chroot” option allows users to make changes to the root directory they can see when they connect. And “local_root” defines the user’s root directory is /home/<their username>/ftp
The directory ‘ftp’ will be created the first time the user connects to the system.