@kieetnvt
Forked from tylermakin/ec2-ftp-tutorial.md
Created April 3, 2021 02:48
Tutorial for configuring FTP access to an EC2 server

AWS EC2 FTP Server Configuration

Launch an EC2 Instance

See Amazon tutorial: Getting Started with Amazon EC2 Linux Instances

Install LAMP Stack on Instance

See Amazon tutorial: Installing a LAMP Web Server on Amazon Linux

Configure FTP on Instance

Open FTP Ports

From the console or the AWS CLI, create a new security group for FTP access and attach it to the EC2 instance (optional), or edit an existing security group attached to the EC2 instance. Next, add new inbound rules to allow access via the FTP ports.

Type             Protocol  Port Range   Source
Custom TCP Rule  TCP       20 - 21      0.0.0.0/0
Custom TCP Rule  TCP       1024 - 1048  0.0.0.0/0

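Source 0.0.0.0/0 opens the port to any IPv4 address. To restrict access to a specific IP address, replace 0.0.0.0/0 with your address, e.g. www.xxx.yyy.zzz/32. Plain FTP sends usernames and passwords unencrypted, so restricting the source to known addresses is worth doing where you can.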

Install vsftpd

SSH into the EC2 instance (tutorial) and install vsftpd:

$ sudo yum install vsftpd

Configure FTP

Use Linux's nano tool to open and edit vsftpd.conf from the command line:

$ sudo nano /etc/vsftpd/vsftpd.conf

Change anonymous_enable from YES to NO (optional). This will disable anonymous FTP users:

anonymous_enable=NO

Set chroot_local_user to YES (optional). This will restrict users to their home directories for security. This line may already exist but is commented out with #:

chroot_local_user=YES

Add the following to the end of the file. The passive port range matches the 1024 - 1048 rule opened in the security group. Replace <YOUR_IP> with the public IP of your EC2 instance:

pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<YOUR_IP>

Change the default FTP upload folder (optional). Add the following to the end of the file:

local_root=/var/www/html

Note that you may need to use chmod to change file permissions so that FTP users can read and write to this folder. Mode 777 gives every local account write access to these directories, not only FTP users:

$ sudo find /var/www/html -type d -exec chmod 777 {} \;

Start vsftpd service:

$ sudo /etc/init.d/vsftpd start

Set vsftpd service to automatically run when restarting server:

$ sudo chkconfig --level 345 vsftpd on
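
A check for the settings made in this section, as an added example that is not part of the original gist: it reads a vsftpd.conf and reports where it departs from the tutorial's values and from the passive-port range opened in the security group. The names conf_get, audit_vsftpd_conf, SG_MIN and SG_MAX are hypothetical, and the script assumes that the last occurrence of a repeated key is the one in effect.

```sh
#!/bin/sh
# Added example (not from the gist): audit vsftpd.conf against this tutorial's settings.
SG_MIN=1024   # passive-port range opened in the security group above
SG_MAX=1048

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset).
# Assumption: when a key is repeated, the last occurrence is the effective one.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k    { v = substr($0, index($0, "=") + 1) }
        END        { print v }' "$1"
}

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
add() { findings="${findings}$1
"; }

# audit_vsftpd_conf FILE: print one finding per line; return 1 if there are any.
audit_vsftpd_conf() {
    f=$1; findings=""
    [ "$(conf_get "$f" anonymous_enable)" = NO ] || add "anonymous_enable is not NO"
    [ "$(conf_get "$f" chroot_local_user)" = YES ] || add "chroot_local_user is not YES"
    min=$(conf_get "$f" pasv_min_port); max=$(conf_get "$f" pasv_max_port)
    if is_num "$min" && is_num "$max"; then
        if [ "$min" -lt "$SG_MIN" ] || [ "$max" -gt "$SG_MAX" ] || [ "$min" -gt "$max" ]; then
            add "pasv range $min-$max is not inside security group range $SG_MIN-$SG_MAX"
        fi
    else
        add "pasv_min_port/pasv_max_port missing or not numeric"
    fi
    case "$(conf_get "$f" pasv_address)" in
        ''|*'<'*) add "pasv_address is unset or still a placeholder" ;;
    esac
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: passive range wider than the security group, placeholder address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
#chroot_local_user=YES
pasv_min_port=1024
pasv_max_port=2048
pasv_address=<YOUR_IP>
EOF
audit_vsftpd_conf "$sample" || echo "fix the findings above, then restart vsftpd"
rm -f "$sample"
```

On the instance, point it at the real file with `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf`; a passive range that extends past the security group rule shows up as failed data connections in passive mode.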

Create FTP User

Add FTP user with adduser. Replace <USERNAME> with the new username to be added:

$ sudo adduser <USERNAME>

Add password for user with passwd:

$ sudo passwd <USERNAME>

Restrict the user's access to a specific folder (optional). Set the user's home directory to that folder, then add the user to the www group to allow access to the /var/www folder:

$ sudo usermod -d /var/www/html <USERNAME>
$ sudo usermod -a -G www <USERNAME>

Restrict users to a folder of their own name (optional). With this setup, test-user can only write to /var/www/html/test-user. In vsftpd.conf, define a token for the username, change local_root to reflect the desired path, then restart vsftpd:

$ sudo nano /etc/vsftpd/vsftpd.conf
user_sub_token=$USER
local_root=/var/www/html/$USER
$ sudo /etc/init.d/vsftpd restart

Sources:
