I recently had to create a vsftpd (FTP) server on an Amazon aws virtual server running Ubuntu 12.10.
There are some issues with the default vsftpd tool that installs with apt-get on Ubuntu 12.10 (version 2.x… not sure which one off the top of my head). It will not allow virtual users access to their root directories. I wrote up a guide in May-2013 that showed how to get around this by writing to a sub directory, but that just does not feel right.
So this guide will go over how to do it properly and with a virtual AWS machine.
Start an AWS micro instance with Ubuntu 12.04
First set up a security group for you ftp server.
From your EC2 console click on Security Groups
Click on "Create Security Group"
Name it ftp and click Yes, Create
Click on the inbound tab. Enter 20 and click Add Rule.
Do the same thing for
You should have something like this.
Click "Apply Rule Changes"
Now take a moment and locate the AMI you want to use to create your AWS instance.
Ubuntu has a nice search page at http://cloud-images.ubuntu.com/locator/ec2/  that lists all the AMIs that Ubuntu has on AWS
I will am looking for 12.04 Ubuntu 64-bit on the east-1 region and it an EBS.
This returns an AMI of ami-e7582d8e
Use this ami and the security group you just created to start your aws instance.
I prefer using the command line tools to start an instance (this requires that you have them installed I have an install guide posted at http://www.whiteboardcoder.com/2012/10/aws-setting-up-command-line-tools-in_23.html )
Run the following command to create a micro instance (Of course use your own key)
> ec2-run-instances ami-e7582d8e -k my-keypair -b /dev/sda1=:8:true -g ftp -t t1.micro
This will create a micro instance with an 8GiB EBS drive.
My instance happened to start at ec2-174-129-58-120.compute-1.amazonaws.com
Log into your instance
> ssh -i .ec2/my-keypair.pem firstname.lastname@example.org
Create an EBS drive to save FTP data to
I prefer to create an additional EBS drive to mount to this machine. That way I can store all the information on this FTP drive and I can unmounts it from this virtual machine and mount it to another on if I need to.
From the command line run this command to make a 40GiB drive
> ec2-create-volume --size 40 --availability-zone us-east-1a
The volume id returned for my test is vol-f2d67fa8
Name The EBS volume
> ec2-create-tags vol-f2d67fa8 --tag Name=FTP-EBS
Attach EBS to volume to your instance (make sure to use your Ids)
> ec2-attach-volume vol-f2d67fa8 --instance i-f9503896 --device /dev/sdf1
Log into the micro instance and run the following commands to format the new EBS drives and mount them. (for some reason the /dev/sdf1 drive is attached as /dev/xvdf1
> sudo mkfs -F /dev/xvdf1
> sudo mkdir /ftp
> sudo mount /dev/xvdf1 /ftp
Run the following command to see the hard drives.
> df -h
Set fstab to automount drives
> sudo vi /etc/fstab
Add the following
/dev/xvdf1 /ftp ext2 rw,suid,dev,exec,noauto,nouser,async 0 0
With these settings the drives will not be automounted at start up, we need a script to do that. You could automount them by changing noauto to “auto”. But this has an issue on the amazon ec2 server, if the drive is not present the server spins and cannot be logged into, until the drive is present
Set up start up script (to mount the hard drives
> sudo vi /etc/init.d/mountHD
Then place the following in it.
Make it executable
> sudo chmod 755 /etc/init.d/mountHD
Add it to autostart
> sudo update-rc.d mountHD defaults
Reboot to test auto mount of hard drives
> sudo reboot now
After a reboot and log back in, if you run this command…
> df -h
You should see
Special note: This extra EBS volume is not part of the AMI machine. So when you want to create an AMI from this machine you need to unmounts and detach this EBS from its instance.
As a note, I am setting up my FTP server with virtual users using the PAM. So if you want to have your normal linux users ftp to their directories this is not the guide for you.
The default vsftpd that can be obtained from apt-get has an issue where you cannot write to the root directory of a virtual user
To get around this download and install the latest build of vsftpd (which allows the conf flag allow_writeable_chroot=YES)
Run this from the command line
> sudo apt-get install libcap2
> wget http://security.ubuntu.com/ubuntu/pool/main/v/vsftpd/vsftpd_3.0.2-1ubuntu1.1_amd64.deb
> sudo dpkg -i vsftpd_3.0.2-1ubuntu1.1_amd64.deb
Configure the vsftpd setup
> sudo vi /etc/vsftpd.conf
I am using some information from the following sites
Update the file to the following
#Set passive mode
Allows a user to write to their own directory
And oddly enough I had what I think is an issue with the kernel… On a local VM build I did not need the following but on the AWS server I did seccomp_sandbox=NO
Make sure to put your address of your FTP server here.
Setting up virtual users
Information on how to do this comes from http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/ 
Instead of linux users for this machine we are going to set up virtual users using PAM
> sudo apt-get install libpam-pwdfile
Set up PAM file
> sudo vi /etc/pam.d/vsftpd.virtual
Put the following into the file and save it.
auth required pam_pwdfile.so pwdfile /ftp/vsftpd/ftp.passwd
account required pam_permit.so
To set up passwords you need to first install htpasswd which is in the apache2-utils
> sudo apt-get install apache2-utils
Add the passwd file directory
> sudo mkdir /ftp/vsftpd
> sudo touch /ftp/vsftpd/ftp.passwd
Set up a test user
Run the following commands to create a virtual user called pattest
> sudo htpasswd -d /ftp/vsftpd/ftp.passwd pattest
Now create the directory and update permission
> sudo mkdir -p /ftp/pattest/
> sudo chmod 755 /ftp/pattest
> sudo chown ftp:ftp /ftp/pattest
Restart the vsftp server
> sudo service vsftpd restart
Test the FTP server
(first make sure your DNS entry is properly set up for your web site)
I had a little issue when going into passive mode (which is automatically done by the fireFTP client) turns out the ftp server itself did not know its own address that is to say if I ran
> dig +short ftp.whiteboardcoder.com
I was not getting the correct address back. To fix this you can do one of two things.
In the /etc/vsftpd.conf file update pasv_address to the ip address
Or, you can wait for the DNS record to update on the machine, eventually running dig will result in the correct IP address returned. When that happens you are good to go.
Test the connection via FireFTP
Click Create Account
Enter your data and click OK (this is my example data)
Select a file and attempt to upload it
Success! That worked.
 Ubuntu ec2 locator
 Setting up AWS command line
 Fixing 500 OOPS: vsftpd: refusing to run with writable root inside chroot ()
 AWS post VSFTPD in Ubuntu instance
 Setup VSFTPD with custom multiple directories and (virtual) users accounts on Ubuntu (no database required)
By: Julien Bourdeau
 Setup Virtual Users and Directories in VSFTPD