Ora

How to create a file server in Ubuntu?

Published in File Sharing 6 mins read

Creating a file server in Ubuntu allows you to efficiently share files across a network, making it easier to manage and access data from various devices. One of the most common and robust methods is setting up an FTP (File Transfer Protocol) server using vsftpd, a lightweight daemon that can encrypt transfers with TLS (FTPS). Alternatively, you can configure Samba for seamless integration with Windows networks or NFS for file sharing among Unix-like systems.

This guide will focus on setting up a secure FTP server with vsftpd, a popular and lightweight FTP daemon for Linux.

Setting Up an FTP File Server with vsftpd

Very Secure FTP Daemon (vsftpd) is a secure, stable, and fast FTP server ideal for Ubuntu. Here's a step-by-step process to set it up:

Step 1: Install vsftpd

First, ensure your package list is updated and then install the vsftpd package.

sudo apt update
sudo apt install vsftpd

Once installed, the vsftpd service will start automatically. You can check its status using:

sudo systemctl status vsftpd

Step 2: Configure Firewall Rules for FTP

Ubuntu ships with UFW (Uncomplicated Firewall) as its default firewall tool. You need to open specific ports to allow FTP traffic.

  • Port 20: For FTP data transfer.
  • Port 21: For FTP command control.
  • Port 990: For FTPS (FTP Secure) explicit mode control.
  • Passive Ports (e.g., 40000-50000): A range of ports for passive mode data connections, which are crucial for FTP clients behind NAT.

sudo ufw allow OpenSSH       # Ensure SSH access is allowed
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp comment 'Passive FTP ports'
sudo ufw enable              # Enable the firewall (if not already)
sudo ufw status              # Verify the rules

Step 3: Create a Dedicated User and Directory

It's best practice to create a dedicated user for FTP access rather than using existing system users directly, and to restrict this user to a specific directory using chroot.

  1. Create a new FTP user (e.g., ftpuser):

    sudo adduser ftpuser

    You'll be prompted to set a password and provide user details.

  2. Create a base directory for FTP and set permissions:

    For security reasons, vsftpd by default refuses logins when the chroot directory is writable by the FTP user, so the chroot directory itself must not be writable. We'll create a subdirectory inside the chroot that the user can write to.

    # Create the chroot base directory
    sudo mkdir /home/ftpuser/ftp
    
    # Set ownership to nobody:nogroup and remove write permission for everyone
    # This is crucial for vsftpd's secure chroot
    sudo chown nobody:nogroup /home/ftpuser/ftp
    sudo chmod a-w /home/ftpuser/ftp
    
    # Create a 'files' directory inside the chroot, where the user can upload
    sudo mkdir /home/ftpuser/ftp/files
    
    # Grant ownership of the 'files' directory to the ftpuser
    sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files

Step 4: Configure vsftpd

The primary configuration file for vsftpd is /etc/vsftpd.conf. It's wise to back up the original file before making changes.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
sudo nano /etc/vsftpd.conf

Modify or add the following lines to your vsftpd.conf file:

# Disable anonymous access
anonymous_enable=NO

# Allow local system users to log in
local_enable=YES

# Allow FTP users to upload and create directories
write_enable=YES

# Set the default file permissions for uploaded files
local_umask=022

# Enable directory messages
dirmessage_enable=YES

# Use local time
use_localtime=YES

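# Enable logging of FTP transfers
xferlog_enable=YES

# Use port 20 on the server for active-mode (PORT) data connections
connect_from_port_20=YES

# Greeting shown to clients when they connect
ftpd_banner=Welcome to My Secure FTP Service.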

# Chroot local users to their home directory for security
# This means users cannot navigate outside their designated 'ftp' directory.
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp

# Enable passive mode and define the port range
# These ports must be opened in your firewall (Step 2)
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000

# Specify a list of users allowed to log in (whitelist approach)
# With user_list_deny=NO, only users in user_list_file are allowed.
# vsftpd does not accept trailing comments, so comments stay on their own line.
user_list_enable=YES
user_list_file=/etc/vsftpd.userlist
user_list_deny=NO

After configuring, you need to create the /etc/vsftpd.userlist file and add your allowed FTP user(s) to it:

echo "ftpuser" | sudo tee -a /etc/vsftpd.userlist

Finally, restart the vsftpd service to apply the changes:

sudo systemctl restart vsftpd

Step 5: Enhance FTP Server Security

Beyond basic configuration, further securing your FTP server is crucial:

  • SSL/TLS Encryption (FTPS): This encrypts both the control and data channels, preventing eavesdropping.
    1. Generate an SSL certificate:
      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem

      Fill in the required information.

    2. Edit vsftpd.conf again:
      Uncomment or add these lines at the end of the file:
      ssl_enable=YES
      rsa_cert_file=/etc/ssl/certs/vsftpd.pem
      rsa_private_key_file=/etc/ssl/private/vsftpd.pem
      allow_anon_ssl=NO
      force_local_data_ssl=YES
      force_local_logins_ssl=YES
      # Prefer TLSv1.2 for modern security
      ssl_tlsv1_2=YES
      ssl_sslv2=NO
      ssl_sslv3=NO
    3. Restart vsftpd:
      sudo systemctl restart vsftpd
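  • Deny Shell Access for FTP Users: For security, FTP users should typically not have shell access to the server. You can modify the user's shell to /usr/sbin/nologin (or /bin/false). Ubuntu's default PAM configuration for vsftpd checks the login shell against /etc/shells (pam_shells), so make sure the shell you choose is listed there, otherwise FTP logins are refused.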
    sudo usermod -s /usr/sbin/nologin ftpuser
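
As an added example (not part of the original guide), the script below checks a vsftpd.conf against the values set in Steps 4 and 5 and flags trailing comments or spaces around '=', which vsftpd rejects. The function name audit_vsftpd_conf, the EXPECTED list and the sample file are constructed for illustration.

```bash
# Added example, not part of the original guide. audit_vsftpd_conf is a hypothetical
# helper; EXPECTED lists the values this guide sets (passive range as in Step 2).
EXPECTED='anonymous_enable=NO chroot_local_user=YES user_list_enable=YES
user_list_deny=NO pasv_min_port=40000 pasv_max_port=50000 ssl_enable=YES
allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
ssl_sslv2=NO ssl_sslv3=NO'

# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_vsftpd_conf() {
    local conf=$1 found=0 line key val want have
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank line or whole-line comment
            *=*) ;;
            *) echo "SYNTAX: no '=' in: $line"; found=1; continue ;;
        esac
        key=${line%%=*} val=${line#*=}
        # vsftpd has no inline comments and allows no spaces around '=', so
        # "opt=NO # note" is read as the value "NO # note" and rejected.
        case $key in *[[:space:]]*) echo "SYNTAX: space in option name: $line"; found=1 ;; esac
        case $val in [[:space:]]*|*[[:space:]]'#'*)
            echo "SYNTAX: space or inline comment in value: $line"; found=1 ;; esac
    done < "$conf"
    for want in $EXPECTED; do
        key=${want%%=*}
        have=$(grep "^$key=" "$conf" | tail -n 1)   # last setting of the key
        if [ -z "$have" ]; then
            echo "MISSING: $want"; found=1
        elif [ "$have" != "$want" ]; then
            echo "DIFFERS: $have (guide uses $want)"; found=1
        fi
    done
    return "$found"
}

# Constructed sample: anonymous login on, an inline comment, no TLS lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's configuration
anonymous_enable=YES
chroot_local_user=YES
user_list_enable=YES
user_list_deny=NO # only listed users
pasv_min_port=40000
pasv_max_port=50000
ftpd_banner=Welcome to My Secure FTP Service.
EOF
audit_vsftpd_conf "$sample" || echo "vsftpd.conf needs attention"
rm -f "$sample"
```

Point the function at /etc/vsftpd.conf before restarting vsftpd; a non-zero return means at least one line needs attention.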

Step 6: Test Your FTP Connection

You can test your FTP server using a dedicated FTP client like FileZilla or a web browser.

Using FileZilla:

  1. Host: Enter your Ubuntu server's IP address or hostname.
  2. Username: ftpuser (or whatever username you created).
  3. Password: The password you set for ftpuser.
  4. Port: 21 (for standard FTP) or leave blank.
  5. Encryption: Select "Require explicit FTP over TLS" if you enabled SSL/TLS.

You should be able to connect and see the files directory within /home/ftpuser/ftp. Try uploading a test file to the files directory to ensure write permissions are working correctly.

Alternative File Server Solutions

While FTP is excellent for simple file transfers, other protocols offer different advantages:

Samba (SMB/CIFS) for Windows Compatibility

Samba allows Linux servers to share files and printers with Windows, macOS, and other Linux machines using the SMB/CIFS protocol. It's ideal for environments with mixed operating systems.

  • Installation:
    sudo apt install samba
  • Configuration: You edit /etc/samba/smb.conf to define shares, users, and permissions.

NFS (Network File System) for Unix-like Systems

NFS is a native file-sharing protocol for Unix and Linux systems, designed for efficient sharing across networks where all clients are Linux-based.

By following these steps, you can establish a robust and secure file server in Ubuntu, tailored to your specific needs.