Configure FTP on a Raspberry Pi

Firstly, let me stress that you should really try to avoid using FTP. It’s an old protocol and it’s not secure – and by default the SSH support on the Pi should be sufficient for all your needs. On Windows, you can use WinSCP to get an FTP-like UI for transferring files to/from the Pi.

However, this guide explains how to set up basic FTP access – which I personally use on a Raspberry Pi file server that my multi-function network printer sends scans to. So my FTP server is locked down to internal access only, and doesn’t allow for access across the web. See my guide to configuring iptables for how to lock down FTP on the Pi.

Install VSFTPD

So you’re ready to install an FTP daemon? I use VSFTPD (or ‘Very Secure FTP Daemon’) – so enter the command:

~# sudo apt-get install vsftpd

Create an FTP user

In my case, I want my printer to access the FTP server – so I create a dedicated printer user.

~# sudo adduser printer

You’ll be prompted for the password for the new account, and then for additional account details (you can leave these blank or fill them in).

Configure VSFTPD

Edit the VSFTPD config with:

~# sudo nano /etc/vsftpd.conf

Find and uncomment the following lines:

write_enable=YES
local_umask=022

If you plan on just using the FTP account for one user (as in my use-case), consider uncommenting:

chown_uploads=YES
chown_username=printer

Alternatively, leave the above two lines commented if you’re going to have multiple FTP users.

A quick tip on Security

If you are new to security on Linux and allowing remote access, you need to understand a very important concept – that of jailing users.

By default, with most remote-access daemons on Linux (FTP, SSH, SCP etc.), the user connecting remotely can have access to the entire system. You don’t really want this – not unless you REALLY trust the person you’re allowing remote access to.

So you need to learn about ‘jailing’ users – locking their sessions into certain folders which they cannot navigate out of. If you have used online web hosting solutions you may not realise that you have encountered this already – on a shared web hosting solution, it is very rare to be able to see other users on the same shared web host. That’s because your user session is jailed to your own directories on the shared server.

VSFTPD allows you to do some basic jailing with the following option enabled:

chroot_local_user=YES

You should do more reading on this topic yourself so that you fully understand it.

Finally

Add the following to the end of the config file:

user_sub_token=$USER
local_root=/home/$USER/ftp
allow_writeable_chroot=YES

The “allow_writeable_chroot” option allows users to make changes to the root directory they can see when they connect, and “local_root” sets the user’s root directory to /home/<their username>/ftp.

The directory ‘ftp’ will be created the first time the user connects to the system.
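To check that the finished file really enables the jail, the sketch below audits a vsftpd.conf for the options set in this guide. It is an added example, not part of the original guide or of VSFTPD; the function names `vsftpd_opt` and `audit_vsftpd` are hypothetical, and the sample config is constructed with the chroot line deliberately left commented.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf for the options this guide sets.

# Print the effective value of option $2 in config file $1 (empty if unset).
# Commented lines are skipped; if an option is repeated, the last one is used.
vsftpd_opt() {
    awk -F= -v key="$2" '
        /^#/ { next }
        $1 == key { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print findings for config file $1; return 1 if any FAIL is reported.
audit_vsftpd() {
    conf=$1 fails=0
    # vsftpd.conf(5): a space between option, '=' and value is an error.
    if grep -Eq '^[^#=]*[[:space:]]=|^[^#=]+=[[:space:]]' "$conf"; then
        echo "FAIL: whitespace next to '=' in an option line"; fails=1
    fi
    if [ "$(vsftpd_opt "$conf" chroot_local_user)" != YES ]; then
        echo "FAIL: chroot_local_user is not YES, local users are not jailed"
        fails=1
    fi
    root=$(vsftpd_opt "$conf" local_root)
    tok=$(vsftpd_opt "$conf" user_sub_token)
    if [ -n "$root" ] && [ -n "$tok" ]; then
        case $root in
            *"$tok"*) ;;
            *) echo "WARN: local_root lacks $tok, all users share $root" ;;
        esac
    fi
    if [ "$(vsftpd_opt "$conf" allow_writeable_chroot)" = YES ]; then
        echo "WARN: allow_writeable_chroot=YES permits a user-writable jail root"
    fi
    return "$fails"
}

# Constructed sample: the guide's options, with the jail line left commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
write_enable=YES
local_umask=022
#chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
allow_writeable_chroot=YES
EOF
audit_vsftpd "$sample" || echo "audit found problems in the sample config"
rm -f "$sample"
```

On the Pi, call `audit_vsftpd /etc/vsftpd.conf` after editing and before restarting the daemon.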
