How to Install and Configure an FTP Server on Ubuntu with vsftpd
File transfer is a fundamental task for any server administrator. Whether you're uploading website files, managing backups, or sharing large datasets between systems, having a reliable FTP server in place makes the entire process significantly more efficient. This comprehensive guide walks you through installing, configuring, and securing vsftpd (Very Secure FTP Daemon) on Ubuntu — the most trusted FTP server solution for Linux environments.
Why Use vsftpd on Ubuntu?
FTP (File Transfer Protocol) remains one of the most widely used methods for transferring files between a local machine and a remote server. While newer alternatives like SFTP and SCP exist, FTP with SSL/TLS encryption (FTPS) continues to be a practical choice for many hosting environments.
vsftpd stands out as the preferred FTP daemon on Ubuntu for several compelling reasons:
- Lightweight footprint — minimal resource consumption, ideal for VPS environments
- Strong security model — built-in support for SSL/TLS, chroot jails, and fine-grained access controls
- Active maintenance — regularly updated and well-documented
- Compatibility — works seamlessly with popular FTP clients like FileZilla, WinSCP, and Cyberduck
If you're running a VPS Hosting environment or a Dedicated Server, vsftpd is an excellent choice for managing file transfers securely and efficiently.
Prerequisites
Before getting started, ensure you have the following:
- A server running Ubuntu 20.04, 22.04, or 24.04
- Root or sudo access to the server
- A basic understanding of the Linux command line
- UFW firewall installed (recommended)
Step 1: Update Your System
Before installing any new software, it is critical to ensure your system packages are fully up to date. This prevents dependency conflicts and ensures you receive the latest security patches.
Open a terminal and run:
sudo apt update
sudo apt upgrade -y
Wait for the upgrade process to complete before proceeding.
Step 2: Install vsftpd
Install the vsftpd package from Ubuntu's official repositories:
sudo apt install vsftpd -y
Once the installation completes, verify that the vsftpd service is running:
sudo systemctl status vsftpd
You should see output indicating the service is active (running). If the service is not running, start it manually:
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
The enable subcommand ensures vsftpd starts automatically on every system reboot.
Step 3: Back Up the Default Configuration File
Before modifying any configuration file, always create a backup. This allows you to restore the original settings if something goes wrong:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
Step 4: Configure vsftpd
The main configuration file for vsftpd is located at /etc/vsftpd.conf. Open it with your preferred text editor:
sudo nano /etc/vsftpd.conf
Apply the following configuration changes to enhance both functionality and security:
4.1 — Allow Local Users to Log In
Find and uncomment the following line to permit local system users to authenticate via FTP:
local_enable=YES
4.2 — Enable File Uploads
To allow authenticated users to upload files to the server, uncomment:
write_enable=YES
4.3 — Restrict Users to Their Home Directories (Chroot Jail)
This is a critical security measure. It prevents FTP users from navigating outside their designated home directories:
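chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
The user_sub_token and local_root lines point each user's chroot at /home/<username>/ftp, the non-writable directory created in Step 5. Without them vsftpd jails the user in the home directory itself, which the user can write to, and the login is refused with the "writable root inside chroot" error listed under Troubleshooting.
4.4 — Configure Passive Mode Ports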
Passive mode is essential for clients behind NAT or firewalls. Add the following lines at the bottom of the configuration file:
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
4.5 — Additional Recommended Security Settings
Add or verify the following directives for a hardened configuration:
anonymous_enable=NO
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
> Key settings explained:
> – anonymous_enable=NO — Disables anonymous FTP access, a major security risk
> – xferlog_enable=YES — Logs all file transfers for auditing purposes
> – use_localtime=YES — Uses the server's local time in log entries
Once all changes are made, save the file with Ctrl+O, then exit with Ctrl+X.
Step 5: Create a Dedicated FTP User
It is best practice to create a dedicated user account specifically for FTP access rather than using your root or administrative account:
sudo adduser ftpuser
Follow the interactive prompts to set a strong password and complete the user creation process.
Next, create a dedicated FTP directory for this user and set the correct ownership and permissions:
sudo mkdir -p /home/ftpuser/ftp/upload
sudo chown nobody:nogroup /home/ftpuser/ftp
sudo chmod a-w /home/ftpuser/ftp
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/upload
> Why this structure? The parent ftp directory is owned by nobody and non-writable, satisfying vsftpd's chroot security requirement. The upload subdirectory is where the user actually reads and writes files.
Step 6: Restart vsftpd to Apply Changes
After completing the configuration, restart the vsftpd service:
sudo systemctl restart vsftpd
Confirm the service is still running correctly:
sudo systemctl status vsftpd
Step 7: Configure the UFW Firewall
If UFW (Uncomplicated Firewall) is active on your server, you must open the necessary ports for FTP traffic. FTP uses port 21 for commands, port 20 for active mode data transfers, and the passive port range defined in your configuration:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
Reload the firewall to apply the new rules:
sudo ufw reload
Verify the updated rules:
sudo ufw status
Step 8: Test Your FTP Server
With everything configured, it's time to test the connection. You can use any standard FTP client:
Option A: Using FileZilla (GUI Client)
- Open FileZilla and navigate to File → Site Manager
- Click New Site and enter a name
- Set Protocol to FTP – File Transfer Protocol
- Enter your server's IP address in the Host field
- Set Port to 21
- Set Logon Type to Normal
- Enter ftpuser as the username and your chosen password
- Click Connect
Option B: Using the Command Line
ftp your_server_ip
Enter ftpuser and the associated password when prompted. Test file uploads and downloads to confirm everything works as expected.
Step 9: Secure FTP with SSL/TLS Encryption (Strongly Recommended)
Transmitting credentials and data over plain FTP is a significant security risk. Encrypting your FTP connection with SSL/TLS transforms it into FTPS, protecting your data in transit.
Generate a Self-Signed SSL Certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/vsftpd.pem \
  -out /etc/ssl/private/vsftpd.pem
Update vsftpd Configuration for SSL/TLS
Open the configuration file again:
sudo nano /etc/vsftpd.conf
Add or update the following directives:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Restart vsftpd to apply the SSL configuration:
sudo systemctl restart vsftpd
> Pro tip: For production environments, consider using a trusted SSL certificate from a certificate authority rather than a self-signed certificate. AlexHost offers SSL Certificates that provide full browser and client trust without certificate warnings.
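After editing, it is worth confirming that the file really carries the settings from Step 4 and Step 9, since a directive left commented out silently falls back to vsftpd's built-in default. The script below is an added example, not part of the original guide or of vsftpd; the function names conf_get and audit_vsftpd and both sample files are constructed for illustration, and the defaults used for absent directives are the ones documented in vsftpd.conf(5).

```shell
# Added example: audit a vsftpd.conf against the directives this guide sets.
# Effective value of KEY ($2) in FILE ($1), or DEFAULT ($3) if absent.
# Commented-out lines never match; the last uncommented occurrence is used.
conf_get() {
  local val
  val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
  printf '%s\n' "${val:-$3}"
}

# Print one FAIL line per deviation; return 1 if any were found.
audit_vsftpd() {
  local file="$1" rc=0 rule key rest want default got lo hi
  # Each rule is directive:value-from-guide:vsftpd-built-in-default
  for rule in anonymous_enable:NO:YES chroot_local_user:YES:NO \
      ssl_enable:YES:NO force_local_logins_ssl:YES:YES \
      force_local_data_ssl:YES:YES ssl_sslv2:NO:NO ssl_sslv3:NO:NO; do
    key=${rule%%:*}; rest=${rule#*:}; want=${rest%%:*}; default=${rest#*:}
    got=$(conf_get "$file" "$key" "$default")
    [ "$got" = "$want" ] || { echo "FAIL $key=$got, guide sets $want"; rc=1; }
  done
  # The passive range must equal the range opened in UFW in Step 7.
  lo=$(conf_get "$file" pasv_min_port 0)
  hi=$(conf_get "$file" pasv_max_port 0)
  [ "$lo:$hi" = "40000:50000" ] ||
    { echo "FAIL passive range $lo:$hi, UFW allows 40000:50000"; rc=1; }
  return "$rc"
}

# Constructed sample files, not taken from a real server.
weak=$(mktemp); hardened=$(mktemp)
cat >"$weak" <<'EOF'
anonymous_enable=YES
#chroot_local_user=YES
ssl_enable=NO
EOF
cat >"$hardened" <<'EOF'
anonymous_enable=NO
chroot_local_user=YES
pasv_min_port=40000
pasv_max_port=50000
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
echo "== weak ==";     audit_vsftpd "$weak" || true
echo "== hardened =="; audit_vsftpd "$hardened" && echo "no deviations"
```

On the server, run audit_vsftpd /etc/vsftpd.conf after each edit and before restarting the service.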
Troubleshooting Common vsftpd Issues
| Problem | Likely Cause | Solution |
|---|---|---|
| 500 OOPS: vsftpd: refusing to run with writable root inside chroot | Chroot directory is writable | Remove write permission from the chroot root: sudo chmod a-w /home/ftpuser/ftp |
| Connection refused on port 21 | Firewall blocking FTP | Verify UFW rules with sudo ufw status |
| Passive mode connection failures | Passive port range not open | Ensure ports 40000–50000 are open in UFW |
| Login authentication failure | Incorrect credentials or PAM issue | Verify user exists with id ftpuser and reset password if needed |
| Cannot upload files | write_enable not set | Confirm write_enable=YES in /etc/vsftpd.conf |
To review vsftpd logs for detailed error information:
sudo tail -f /var/log/vsftpd.log
Choosing the Right Hosting Environment for Your FTP Server
The performance and security of your FTP server are directly influenced by the quality of your underlying hosting infrastructure. Here's what to consider:
- VPS Hosting — Ideal for most use cases. Provides dedicated resources, full root access, and the flexibility to configure vsftpd exactly as needed.
- Dedicated Servers — Best for high-traffic environments or organizations with strict data isolation requirements. Maximum performance and complete control.
- Shared Web Hosting — Suitable for basic file management needs with lower traffic volumes. Note that vsftpd installation requires root access, which is not available on shared hosting.
For teams that also need professional email infrastructure alongside their file transfer setup, Email Hosting provides a reliable, managed solution without the overhead of self-hosting a mail server.
Conclusion
Setting up a fully functional and secure FTP server on Ubuntu with vsftpd is a straightforward process when approached systematically. By following this guide, you have:
- ✅ Installed and enabled vsftpd on Ubuntu
- ✅ Configured secure, chroot-jailed user access
- ✅ Set up passive mode for broad client compatibility
- ✅ Opened the correct firewall ports
- ✅ Optionally secured the connection with SSL/TLS encryption
Whether you're managing website files, automating backups, or enabling team-based file sharing, vsftpd on a well-configured Ubuntu VPS delivers the reliability and security you need. With AlexHost's high-performance VPS Hosting infrastructure, you get the ideal foundation for running vsftpd in production — with enterprise-grade uptime, full root access, and responsive technical support whenever you need it.
