A project of mine recently needed a simple FTP server that can give multiple different users access to the contents of specific directories (and only those directories). My technical requirements were stupid simple, the data I'd be dealing with wasn't sensitive, and I wanted to avoid paying for an expensive and/or complicated service, at least to start.
I did some brief discovery and determined that a good, ol' DigitalOcean droplet is a great candidate for hosting a simple server like this. This is essentially a set of my beautified notes on the process of setting that up.
Before starting, let's set some expectations: this implementation is very bare-bones, and it isn't concerned with making everything as secure as possible. If you're looking on setting up a server with an SFTP protocol, or in-depth configuration capabilities, you might need to use what you see here as the foundation, but you'll need to search elsewhere for the rest.
To start, I'm assuming you have a DigitalOcean droplet running on Ubuntu, and that you're able to access it via SSH. We'll be spending most of our time inside the droplet, so go ahead and log in.
We'll be using ProFTPD for our FTP server. It's a pretty reputable tool that's straightforward to set up. Work through these steps:
Install the tool. The
update may be especially important, depending on your version of Ubuntu (I'm on 20.04):
apt-get update && apt-get install proftpd
/bin/false to our list of valid shells in our droplet. ProFTPD's default configuration will require that a valid shell be used to gain access, and we'll be using this particular value to prevent direct shell access to the system.
echo '/bin/false' >> /etc/shells
Although it's technically optional for a stupid-simple setup, you can modify the default configuration file generated when installing ProFTPD. If you want, I'd at least recommend changing the server name to something more personalized:
After that, create a new user that'll have access to the FTP server.
useradd --shell /bin/false yourusername
Set a password for that user:
At this point, we need to set up specific directories that we'll allow your users to access. To do that, let's create one and then assign permissions to it:
mkdir /home/somedirectory chown yourusername:yourusername /home/somedirectory
With all of that in place, restart the server for everything to take effect:
service proftpd restart
And finally, let's create an empty file in our user's directory just to have something we can verify when we try to connect.
echo "Test!" > /home/somedirectory/sample.txt
Open up an FTP client (like Cyberduck), fill in your IP address as the "server," and use the credentials you created above to log in. Make sure the port is set to
After logging in by clicking "Connect," you should see the
sample.txt file we created in the user's directory.
Although it's not required, it's nice to have a dedicated domain set up for users to connect to the server (ex:
ftp.macarthur.me). To do that, create an
A record in your DNS management tool that points to the subdomain or domain you'd like to use. In my case, that UI looked something like this:
Afterwards, you should be able to point your FTP client to that new domain when connecting:
Told you it was quick.