Managing users on a Debian FTP server primarily involves using vsftpd (Very Secure FTP Daemon)—the most widely used FTP server software in Debian-based systems. Below is a structured guide covering user creation, permission configuration, and essential security practices.
Before managing users, ensure vsftpd is installed. Run the following commands to update your package list and install the software:
sudo apt update
sudo apt install vsftpd
The core of FTP user management lies in editing the vsftpd configuration file (/etc/vsftpd.conf). Open the file with a text editor (e.g., nano):
sudo nano /etc/vsftpd.conf
Adjust the following key parameters to enable local user access and restrict access to home directories:
local_enable=YES: Allows login from local system users.
write_enable=YES: Permits file uploads/downloads (modify as needed).
chroot_local_user=YES: Restricts users to their home directories (prevents access to other parts of the filesystem).
allow_writeable_chroot=YES: Required if chroot_local_user=YES is enabled; ensures the chroot directory can be written to (critical for uploads).
Save changes and exit the editor.
Use the adduser command to create a new FTP user. This command automates home directory creation and password setup:
sudo adduser ftpuser
Follow the prompts to set a password and provide optional user information (e.g., full name). The user’s home directory will default to /home/ftpuser.
Use usermod to set a custom home directory (e.g., /var/ftp/ftpuser):
sudo usermod -d /var/ftp/ftpuser ftpuser
Set the shell to /sbin/nologin:
sudo usermod -s /sbin/nologin ftpuser
Proper permissions are critical to ensure users can access their directories while maintaining security. Run these commands for each FTP user:
sudo chown ftpuser:ftpuser /home/ftpuser # Set ownership to the FTP user
sudo chmod 755 /home/ftpuser # Allow read/execute for others (required for chroot)
If chroot_local_user=YES is enabled, also run:
sudo chown root:root /home/ftpuser # Root owns the chroot directory
sudo chmod 755 /home/ftpuser # Prevent users from modifying the directory structure
For granular control over which users can log in, use the vsftpd.user_list file:
echo "ftpuser" | sudo tee -a /etc/vsftpd.user_list
# Add to /etc/vsftpd.conf (vsftpd accepts comments only on their own line):
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
# Set to "YES" to deny listed users (opposite behavior)
userlist_deny=NO
After making configuration changes, restart the vsftpd service to apply them:
sudo systemctl restart vsftpd
If you’re using UFW (Uncomplicated Firewall), allow FTP ports to permit external connections:
sudo ufw allow 21/tcp # Standard FTP port
sudo ufw allow 990/tcp # FTPS (implicit SSL/TLS) port
sudo ufw allow 40000:50000/tcp # Passive mode ports (adjust range as needed)
sudo ufw enable # Enable the firewall
Use an FTP client (e.g., FileZilla) to verify user access:
ftpuser)
Test uploading/downloading files to ensure permissions are correctly configured.
Set the shell to /sbin/nologin to prevent unauthorized system access.
Check /var/log/vsftpd.log for suspicious activity (e.g., failed login attempts).
By following these steps, you can effectively manage FTP users on your Debian server, ensuring secure and controlled access to your files.
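A configuration check for the settings this guide relies on, as an added example that is not part of the original guide. The function names and the sample config are constructed for illustration; pasv_min_port and pasv_max_port are vsftpd options the guide does not set, assumed here to match the UFW passive range above.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings used in this guide.

# conf_get FILE KEY: print the last value assigned to KEY (empty if unset).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_vsftpd FILE: print one FINDING line per problem; return 1 if any.
audit_vsftpd() {
    conf=$1; rc=0
    flag() { echo "FINDING: $*"; rc=1; }
    # vsftpd treats '#' as a comment only at the start of a line, so text
    # after a value ("NO # note") becomes part of the value.
    bad=$(grep -nE '^[^#][^=]*=.*([[:space:]]#|[[:space:]]$)' "$conf" |
        cut -d: -f1 | tr '\n' ' ')
    [ -z "$bad" ] || flag "inline comment or trailing space on line(s): $bad"
    for key in local_enable chroot_local_user userlist_enable; do
        [ "$(conf_get "$conf" "$key")" = "YES" ] || flag "$key is not YES"
    done
    [ "$(conf_get "$conf" userlist_deny)" = "NO" ] ||
        flag "userlist_deny is not NO: the user list is not an allow list"
    # Assumption: the firewall opens 40000:50000, as in the UFW rule above.
    [ "$(conf_get "$conf" pasv_min_port)" = "40000" ] &&
        [ "$(conf_get "$conf" pasv_max_port)" = "50000" ] ||
        flag "pasv_min_port/pasv_max_port do not match 40000:50000"
    return "$rc"
}

# write_sample_conf PATH: write a constructed sample config for the demo.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO # Set to "YES" to deny listed users
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
audit_vsftpd "$tmp" || echo "sample config needs fixes"
rm -f "$tmp"
```

On a real server, call audit_vsftpd /etc/vsftpd.conf before restarting the service.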