{"id":12511,"date":"2025-12-20T11:19:48","date_gmt":"2025-12-20T05:49:48","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12511"},"modified":"2025-12-20T11:19:50","modified_gmt":"2025-12-20T05:49:50","slug":"install-ftp-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/install-ftp-on-linux","title":{"rendered":"How to Install FTP on Linux Server for 2026: Step-by Step Guide"},"content":{"rendered":"\n<p><strong>To install FTP on a Linux server<\/strong>, install the vsftpd package, enable and start the service, configure \/etc\/vsftpd.conf for local users, chroot, passive ports, and TLS, open firewall ports (21 and a passive range), create a restricted FTP user, and test with an FTP client. The steps below cover Ubuntu\/Debian and RHEL-based systems.<\/p>\n\n\n\n<p>Installing an FTP server on Linux is straightforward when you follow industry best practices. In this guide, you\u2019ll learn how to install FTP on a Linux server using vsftpd, configure secure access with TLS, set passive mode correctly, open firewall ports, handle SELinux, and troubleshoot common errors\u2014so your uploads work reliably from day one.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-ftp-and-when-should-you-use-it\"><strong>What is FTP and When Should You Use it?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-47.png\" alt=\"What Is FTP and When Should You Use It?\" class=\"wp-image-12656\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-47.png 1536w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-47-150x100.png 150w\" sizes=\"auto, (max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n\n\n\n<p>FTP (File Transfer Protocol) moves files between a client and server over TCP\/IP. It\u2019s widely supported by hosting panels, CI tools, and desktop clients. For security, you should use FTPS (FTP over TLS) or SFTP (SSH File Transfer Protocol). SFTP runs over SSH; FTPS is FTP with encryption.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ftp-vs-ftps-vs-sftp-quick-comparison\"><strong>FTP vs FTPS vs SFTP (Quick Comparison)<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2496\" height=\"1664\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-51.png\" alt=\"FTP vs FTPS vs SFTP (Quick Comparison)\" class=\"wp-image-12677\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-51.png 2496w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-51-150x100.png 150w\" sizes=\"auto, (max-width: 2496px) 100vw, 2496px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FTP:<\/strong> Plain-text credentials and data; only use in trusted, isolated networks.<\/li>\n\n\n\n<li>FTPS: Adds TLS encryption to FTP (ports 21 + passive range); compliant with many enterprise workflows.<\/li>\n\n\n\n<li>SFTP: Uses SSH on port 22; simpler firewalling, strong security; recommended if clients support it.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.youstable.com\/blog\/install-yum-on-linux\/\">Linux server<\/a> (Ubuntu\/Debian or RHEL\/CentOS\/AlmaLinux\/Rocky)<\/li>\n\n\n\n<li>Root or sudo access<\/li>\n\n\n\n<li>Firewall access (UFW, firewalld, or iptables)<\/li>\n\n\n\n<li>Public IP and DNS (optional but recommended)<\/li>\n\n\n\n<li>FTP client (FileZilla, WinSCP, or lftp) for testing<\/li>\n<\/ul>\n\n\n\n<p>If you\u2019re on a <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\">managed VPS or dedicated server from YouStable<\/a>, you can request pre-hardened vsftpd or SFTP setup to save time and reduce misconfigurations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-vsftpd-on-linux\"><strong>Install vsftpd on Linux<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ubuntu-debian\"><strong>Ubuntu\/Debian<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y vsftpd\nsudo systemctl enable --now vsftpd\nsudo systemctl status vsftpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rhel-centos-almalinux-rocky\"><strong>RHEL\/CentOS\/AlmaLinux\/Rocky<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y vsftpd\n# On older CentOS:\n# sudo yum install -y vsftpd\nsudo systemctl enable --now vsftpd\nsudo systemctl status vsftpd<\/code><\/pre>\n\n\n\n<p>vsftpd is chosen for its performance and strong security defaults. It\u2019s battle-tested on high-traffic servers and plays nicely with chroot jails.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"back-up-and-edit-the-vsftpd-configuration\"><strong>Back Up and Edit the vsftpd Configuration<\/strong><\/h2>\n\n\n\n<p>Before changes, back up your config file. Then apply safe, production-ready defaults.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/etc\/vsftpd.conf \/etc\/vsftpd.conf.bak<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"recommended-base-configuration\"><strong>Recommended Base Configuration<\/strong><\/h3>\n\n\n\n<p>Edit \/etc\/vsftpd.conf and use the following baseline. It enables local users, chroot, passive mode, and prepares for TLS.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Core settings\nlisten=YES\nlisten_ipv6=NO\n\n# Authentication &amp; access\nanonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n\n# Security &amp; isolation\nchroot_local_user=YES\nallow_writeable_chroot=YES\n\n# Permissions &amp; umask\nlocal_umask=022\nfile_open_mode=0644\ndirlist_enable=YES\nxferlog_enable=YES\nxferlog_std_format=YES\n\n# Passive mode (adjust to your server's public IP and port range)\npasv_enable=YES\npasv_min_port=40000\npasv_max_port=40100\npasv_address=YOUR.PUBLIC.IP.ADDRESS\n\n# Performance\nuse_localtime=YES\nmax_clients=30\nmax_per_ip=10\n\n# TLS (FTPS) - enable after creating certs\nssl_enable=YES\nallow_anon_ssl=NO\nforce_local_logins_ssl=YES\nforce_local_data_ssl=YES\nssl_tlsv1_2=YES\nrsa_cert_file=\/etc\/ssl\/private\/vsftpd.pem\nrsa_private_key_file=\/etc\/ssl\/private\/vsftpd.pem\n\n# Logging\ndual_log_enable=YES\nxferlog_file=\/var\/log\/vsftpd.log<\/code><\/pre>\n\n\n\n<p>Replace YOUR.PUBLIC.IP.ADDRESS with the <a href=\"https:\/\/www.youstable.com\/blog\/change-name-server-on-youstable\/\">server\u2019s public IP or DNS name<\/a>. On cloud instances with NAT (e.g., behind a load balancer or firewall appliance), set pasv_address to the external IP.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-a-restricted-ftp-user\"><strong>Create a Restricted FTP User<\/strong><\/h2>\n\n\n\n<p>For security, create a dedicated system user for FTP uploads and limit shell access.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Create a user with home directory\nsudo adduser ftpuser\n# Or on RHEL-based:\n# sudo adduser ftpuser &amp;&amp; sudo passwd ftpuser\n\n# Optionally, prevent SSH shell login\nsudo usermod -s \/usr\/sbin\/nologin ftpuser  # Debian\/Ubuntu\n# sudo usermod -s \/sbin\/nologin ftpuser    # RHEL-based\n\n# Create an upload directory and set permissions\nsudo mkdir -p \/home\/ftpuser\/uploads\nsudo chown -R ftpuser:ftpuser \/home\/ftpuser\nsudo chmod -R 755 \/home\/ftpuser\nsudo chmod 755 \/home\/ftpuser\/uploads<\/code><\/pre>\n\n\n\n<p>Because chroot locks users into their home, avoid making the home directory group-writable without allow_writeable_chroot=YES. Keep upload directories writable and the home directory itself readable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-firewall-ports-for-ftp-and-passive-mode\"><strong>Open Firewall Ports for FTP and Passive Mode<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ufw-ubuntu-debian\"><strong>UFW (Ubuntu\/Debian)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 21\/tcp\nsudo ufw allow 40000:40100\/tcp\nsudo ufw reload\nsudo ufw status<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-rhel-almalinux-rocky\"><strong>firewalld (RHEL\/AlmaLinux\/Rocky)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --permanent --add-port=21\/tcp\nsudo firewall-cmd --permanent --add-port=40000-40100\/tcp\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"iptables-legacy\"><strong>iptables (legacy)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 40000:40100 -j ACCEPT\nsudo service iptables save  # or iptables-save &gt; \/etc\/iptables.rules<\/code><\/pre>\n\n\n\n<p>Passive mode is essential when clients are behind NAT or strict firewalls. Always match the passive port range in both vsftpd.conf and your firewall rules.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"handle-selinux-rhel-based\"><strong>Handle SELinux (RHEL-based)<\/strong><\/h3>\n\n\n\n<p>If SELinux is enforcing, allow FTP to read\/write home directories and use passive ports.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Install policy utilities if missing\nsudo dnf install -y policycoreutils-python-utils\n\n# Allow FTP to read\/write user home dirs\nsudo setsebool -P ftp_home_dir on\n\n# Allow passive mode ports (adjust range as needed)\nsudo semanage port -a -t ftp_port_t -p tcp 40000-40100  # add\n# If already exists, use -m to modify:\n# sudo semanage port -m -t ftp_port_t -p tcp 40000-40100<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-tls-ftps-for-secure-transfers\"><strong>Enable TLS (FTPS) for Secure Transfers<\/strong><\/h2>\n\n\n\n<p>Encrypt credentials and data in transit with TLS. Use a self-signed certificate for internal use or a CA-signed certificate for production.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo mkdir -p \/etc\/ssl\/private\nsudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \\\n  -keyout \/etc\/ssl\/private\/vsftpd.pem \\\n  -out \/etc\/ssl\/private\/vsftpd.pem\nsudo chmod 600 \/etc\/ssl\/private\/vsftpd.pem<\/code><\/pre>\n\n\n\n<p>Confirm the TLS directives in \/etc\/vsftpd.conf point to \/etc\/ssl\/private\/vsftpd.pem. Then restart vsftpd.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart vsftpd<\/code><\/pre>\n\n\n\n<p>In your FTP client, use FTPS (explicit TLS) on port 21. This keeps compatibility while encrypting sessions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"start-enable-and-test-the-ftp-server\"><strong>Start, Enable, and Test the FTP Server<\/strong><\/h2>\n\n\n\n<p>Ensure vsftpd is running and listening on port 21. Then test from a remote machine with an FTP client.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status vsftpd\nsudo ss -tulpn | grep :21  # or: sudo netstat -tulpn | grep :21<\/code><\/pre>\n\n\n\n<p><strong>In FileZilla, set:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Host: your-server-ip or domain<\/li>\n\n\n\n<li>Protocol: <a href=\"https:\/\/www.youstable.com\/blog\/how-to-use-filezilla-client\/\">FTP &#8211; File Transfer<\/a> Protocol<\/li>\n\n\n\n<li>Encryption: Require Explicit FTP over TLS<\/li>\n\n\n\n<li>Logon Type: Normal<\/li>\n\n\n\n<li>User: ftpuser \/ Password: your password<\/li>\n<\/ul>\n\n\n\n<p>If the connection stalls on \u201cEntering Passive Mode\u201d, re-check passive port rules and pasv_address. If authentication fails, verify the user exists and that local_enable=YES.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"optional-use-sftp-ssh-instead-of-ftp\"><strong>Optional: Use SFTP (SSH) Instead of FTP<\/strong><\/h2>\n\n\n\n<p>SFTP is often simpler and more secure, using port 22 with fewer firewall concerns. It\u2019s ideal if your tools and clients support it.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ensure OpenSSH server is installed and running\nsudo apt install -y openssh-server   # Ubuntu\/Debian\n# sudo dnf install -y openssh-server # RHEL-based\nsudo systemctl enable --now ssh\n\n# Create an SFTP-only group and chrooted user\nsudo groupadd sftpusers\nsudo useradd -m -G sftpusers -s \/usr\/sbin\/nologin sftpuser\nsudo passwd sftpuser\nsudo mkdir -p \/home\/sftpuser\/uploads\nsudo chown root:root \/home\/sftpuser\nsudo chmod 755 \/home\/sftpuser\nsudo chown sftpuser:sftpusers \/home\/sftpuser\/uploads\n\n# Configure SSHD\nsudo bash -c 'cat &gt;&gt; \/etc\/ssh\/sshd_config &lt;&lt;EOF\n\nMatch Group sftpusers\n    ChrootDirectory %h\n    ForceCommand internal-sftp\n    X11Forwarding no\n    AllowTcpForwarding no\nEOF'\nsudo systemctl restart ssh<\/code><\/pre>\n\n\n\n<p>Connect using sftp sftpuser@your-server-ip or an SFTP-capable client. This is the recommended choice for modern deployments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-hardening-checklist\"><strong>Security Hardening Checklist<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use FTPS (explicit TLS) or switch to SFTP.<\/li>\n\n\n\n<li>Disable anonymous access (anonymous_enable=NO).<\/li>\n\n\n\n<li>Chroot users (chroot_local_user=YES) and keep home non-writable.<\/li>\n\n\n\n<li>Limit login attempts with Fail2ban for vsftpd logs.<\/li>\n\n\n\n<li>Restrict passive ports to a narrow range and open only those ports.<\/li>\n\n\n\n<li>Use strong <a href=\"https:\/\/www.youstable.com\/blog\/ssh-keys-vs-password-authentication\/\">passwords or SSH keys<\/a> (for SFTP).<\/li>\n\n\n\n<li>Audit logs at \/var\/log\/vsftpd.log and system journal.<\/li>\n\n\n\n<li>Disable shell access for FTP-only users (nologin).<\/li>\n\n\n\n<li>Regularly update vsftpd and rotate TLS certificates.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-ftp-errors\"><strong>Troubleshooting Common FTP Errors<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"530-login-incorrect\"><strong>530 Login incorrect<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confirm user exists and password is correct.<\/li>\n\n\n\n<li>Ensure local_enable=YES in vsftpd.conf.<\/li>\n\n\n\n<li>Check \/etc\/ftpusers or \/etc\/vsftpd\/ user deny files (user may be banned).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot\"><strong>500 OOPS: vsftpd: refusing to run with writable root inside chroot<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set allow_writeable_chroot=YES or make the user\u2019s home non-writable (755) and create a separate writable subdirectory like uploads.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"connection-times-out-or-stalls-on-passive-mode\"><strong>Connection times out or stalls on Passive Mode<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open passive ports in firewall and set pasv_min_port\/pasv_max_port.<\/li>\n\n\n\n<li>Set pasv_address to the public IP or DNS, especially behind NAT.<\/li>\n\n\n\n<li>Check upstream firewalls or provider security groups.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-handshake-failures\"><strong>TLS handshake failures<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify rsa_cert_file path and file permissions (600).<\/li>\n\n\n\n<li>Ensure ssl_enable=YES and your client uses \u201cRequire Explicit FTP over TLS\u201d.<\/li>\n\n\n\n<li>Confirm TLS versions allowed match client support (ssl_tlsv1_2=YES).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-denials-rhel-based\"><strong>SELinux denials (RHEL-based)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable ftp_home_dir boolean and add passive ports with semanage.<\/li>\n\n\n\n<li>Review audit logs: sudo ausearch -m avc -ts recent.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-use-cases-and-best-practices\"><strong>Real-World Use Cases and Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web deployments: Grant a single FTP user access to a site directory and deploy using FTPS from a CI pipeline.<\/li>\n\n\n\n<li>Client file intake: Create per-client chrooted users with unique credentials and directories.<\/li>\n\n\n\n<li>Backup workflows: Use FTPS or SFTP to push nightly database\/file archives from remote systems.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.youstable.com\/blog\/create-a-custom-hosting-environment-with-a-dedicated-server\/\">Hosting environments:<\/a> Prefer SFTP by default; keep FTPS available for legacy integrations.<\/li>\n<\/ul>\n\n\n\n<p>If you need a secure, ready-to-use environment, YouStable\u2019s VPS and Dedicated Servers come with root access, modern Linux distributions, and optional managed support. Our team can set up FTPS\/SFTP with hardened configs, firewall rules, and monitoring tailored to your stack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-install-ftp-on-linux-server\"><strong>FAQs: Install FTP on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765538232136\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"which-ftp-server-is-best-for-linux\"><strong>Which FTP server is best for Linux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>vsftpd is a top choice for most Linux servers due to its speed, security features, and simplicity. ProFTPD and Pure-FTPd are also solid, especially in hosting panels, but vsftpd\u2019s defaults make it ideal for modern VPS and dedicated servers.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538242846\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-enable-ftps-tls-on-vsftpd\"><strong>How do I enable FTPS (TLS) on vsftpd?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Create or install a certificate at \/etc\/ssl\/private\/vsftpd.pem, set ssl_enable=YES in \/etc\/vsftpd.conf, and restart vsftpd. In your client, choose \u201cExplicit FTP over TLS\u201d. Open port 21 and your passive port range in the firewall.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538259265\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-ports-should-i-open-for-ftp\"><strong>What ports should I open for FTP?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Open TCP port 21 for control and a narrow passive range (e.g., 40000\u201340100) for data. Match the passive range in both vsftpd.conf and your firewall rules. For SFTP, only port 22 is required.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538274427\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"why-does-ftp-fail-behind-nat-or-a-cloud-firewall\"><strong>Why does FTP fail behind NAT or a cloud firewall?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>FTP uses separate data connections. Without passive mode and a defined passive port range that\u2019s open and mapped to your public IP, FTP stalls. Set pasv_address to your public IP and allow the passive ports in any upstream firewalls or security groups.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538285606\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"is-sftp-more-secure-than-ftps\"><strong>Is SFTP more secure than FTPS?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Both are secure when configured properly. SFTP runs over SSH and is simpler to firewall and automate. FTPS can be preferable for strict compliance or legacy workflows. For new setups, SFTP is often the easiest secure choice.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538305422\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-restrict-ftp-users-to-a-single-directory\"><strong>How do I restrict FTP users to a single directory?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Enable chroot_local_user=YES and assign the user a dedicated home directory. Keep the home non-writable (755) and create a writable subdirectory like uploads with 755 or 775 permissions.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765538325986\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-i-create-virtual-users-for-vsftpd\"><strong>Can I create virtual users for vsftpd?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. vsftpd supports virtual users via PAM and a backend like Berkeley DB or libpam-pwdfile. This lets you manage FTP-only accounts without system users. It\u2019s more advanced\u2014use when you need many accounts or panel integration.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"conclusion\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>Now you can install FTP on a Linux server using vsftpd, secure it with TLS, configure passive mode, open the right firewall ports, and troubleshoot common issues. If you want a fast, secure, and supported setup, consider a YouStable VPS or Dedicated Server and let our experts pre-harden your FTPS or SFTP environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To install FTP on a Linux server, install the vsftpd package, enable and start the service, configure \/etc\/vsftpd.conf for local [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":15545,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-12511","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Install-FTP-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12511"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12511\/revisions"}],"predecessor-version":[{"id":15546,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12511\/revisions\/15546"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15545"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}