Step 1: Enable security group
Log in to the AWS Management Console and click Security Groups under NETWORK & SECURITY.
Select the security group that we used when launching the EC2 instance.
At the bottom of the page we will see the details of the security group, in the Inbound tab.
Enter ports 20 and 21 in the port number text box and click Add Rule for each port. The rule will appear in the right-hand pane.
Enter the ranges 12000-12100, 40000-41000, 49152-65534 and the ports 1023, 1024.
To apply the rule change, click the Apply Rule Change button below.
All the instances with this security group will now have the new behavior.
Step 2: Install vsftpd
Install vsftpd with the commands below
$ apt-get update
$ apt-get install vsftpd
At this point, vsftpd is started and allows access to anonymous users.
Step 3: Configure vsftpd
Open the configuration file for editing
$ vi /etc/vsftpd.conf
Modify the lines below in the file.
vsftpd allows anonymous, unidentified users to access the server's files. To restrict this type of access, we have to set this option to NO
anonymous_enable=NO
Uncomment the local_enable option, changing it to YES, and additionally allow the user to write to the directory
local_enable=YES
write_enable=YES
The line below jails all local users within their chroot and denies them access to any other part of the server
chroot_local_user=YES
Add these lines at the bottom of the file.
pasv_max_port=41000
pasv_min_port=40000
port_enable=YES
pasv_enable=YES
Save and exit the file. Because of a recent vsftpd upgrade, vsftpd is "refusing to run with writable root inside chroot". The bug is resolved in version 3.0.0, which is not part of Debian wheezy.
We can easily install the package with the following snippet
echo "deb http://ftp.cyconet.org/debian wheezy-updates main non-free contrib" >> \
  /etc/apt/sources.list.d/wheezy-updates.cyconet.list; \
aptitude update; aptitude install -t wheezy-updates debian-cyconet-archive-keyring vsftpd && \
echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf && /etc/init.d/vsftpd restart
At this point, vsftpd is restarted and is ready to use.
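A check for the result of Steps 1 and 3, as an added example that is not part of the original tutorial: it reads a vsftpd.conf, compares it with the values set above, and confirms that the passive port range sits inside one inbound rule of the security group. The function names, the SG_RANGES variable and the two sample configs are constructed for illustration, and the last-line-wins rule in conf_get is an assumption.

```shell
# Added example, not from the original page. SG_RANGES lists the inbound
# rules entered in Step 1; the sample configs are constructed.
SG_RANGES="20-21 1023-1024 12000-12100 40000-41000 49152-65534"

# conf_get FILE KEY: value of the last uncommented "KEY=value" line
# (assumption: a later line overrides an earlier one).
conf_get() {
    awk -F= -v k="$2" '$1 == k { sub(/[ \t\r]+$/, "", $2); v = $2 } END { print v }' "$1"
}

# range_covered MIN MAX RULES: true if a single LOW-HIGH rule contains
# MIN..MAX (adjacent rules are not merged).
range_covered() {
    for r in $3; do
        if [ "$1" -le "$2" ] && [ "$1" -ge "${r%-*}" ] && [ "$2" -le "${r#*-}" ]; then return 0; fi
    done
    return 1
}

# audit_vsftpd FILE RULES: print one FAIL line per finding, nothing if clean.
audit_vsftpd() {
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                chroot_local_user=YES pasv_enable=YES; do
        key=${want%%=*}; got=$(conf_get "$1" "$key")
        [ "$got" = "${want#*=}" ] || echo "FAIL $key=${got:-unset}, expected ${want#*=}"
    done
    min=$(conf_get "$1" pasv_min_port); max=$(conf_get "$1" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "FAIL pasv_min_port/pasv_max_port unset, passive ports not pinned"
    elif ! range_covered "$min" "$max" "$2"; then
        echo "FAIL passive range $min-$max is not inside one inbound rule"
    fi
    return 0
}

# make_samples DIR: good.conf follows Step 3; bad.conf keeps anonymous access,
# leaves the chroot line commented out and widens the passive range.
make_samples() {
    printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
        chroot_local_user=YES pasv_max_port=41000 pasv_min_port=40000 \
        port_enable=YES pasv_enable=YES > "$1/good.conf"
    printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
        '#chroot_local_user=YES' pasv_min_port=40000 pasv_max_port=42000 \
        pasv_enable=YES > "$1/bad.conf"
}

tmp=$(mktemp -d); make_samples "$tmp"
for f in good bad; do echo "== $f.conf"; audit_vsftpd "$tmp/$f.conf" "$SG_RANGES"; done
rm -rf "$tmp"
```

To audit the live server, call audit_vsftpd with /etc/vsftpd.conf and the inbound rules actually present on the security group.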
Step 4: Creating Users
Here we create sample users who will have permission to upload/download files within their own directory.
Create the user in Unix with the command below
$ useradd <username>
Set its password
$ passwd <username>
Create home directory for this user.
$ mkdir /home/<username>
Change directory ownership to this user
$ chown <username>:<username> /home/<username>/
Follow the same steps for other users also.
At this point we are ready to use FTP.
Step 5: Access the FTP server
We use FileZilla, an FTP client, to upload/download the files.
Enter the Elastic IP of our server in the Host text box, then enter the username, the password, and 21 as the port.