Tested on Ubuntu 12.04 LTS.

Use this only for an FTP-only account, because filesystem write access will be removed.

Install vsftpd:

$ sudo apt-get install vsftpd

Edit /etc/vsftpd.conf:

$ sudo cp -p /etc/vsftpd.conf /etc/vsftpd.conf.orig
$ sudo vi /etc/vsftpd.conf

# JGZ 9/3/2014 – disable anonymous

# JGZ 9/3/2014 – use local accounts

# JGZ 9/3/2014 – allow writing

# JGZ 9/3/2014 – jail local user accounts in their home directory

# JGZ 9/3/2014 – don’t allow list

# JGZ 9/3/2014 – list permission if in the file

Edit/create chroot list file:

$ sudo vi /etc/vsftpd.chroot_list


Remove write access from the localusername directory:

$ sudo chmod a-w /home/localusername

Note: If you use the command above, you will need to create a subdirectory in the home directory that localusername can write to. If you want to restrict the ftp user to their home directory, omit the chroot_list_enable and chroot_list_file options specified in the config.
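The note above depends on how vsftpd combines chroot_local_user with the chroot list: when chroot_local_user=YES, users named in the list file are the ones who are not jailed. The script below is an added example, not part of the original page; its function names (conf_get, is_yes, jail_status) and sample files are constructed for illustration, and the defaults it assumes are those given in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a given local user.

# conf_get FILE KEY DEFAULT: the last uncommented KEY=value line wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: true for the boolean spellings YES/TRUE/1, in any case.
is_yes() {
    case $(printf '%s' "$1" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# jail_status CONF USER [LISTFILE]: prints "jailed" or "not-jailed".
# LISTFILE overrides chroot_list_file; a missing list is treated as empty here.
jail_status() {
    conf=$1 user=$2
    all=$(conf_get "$conf" chroot_local_user NO)
    use_list=$(conf_get "$conf" chroot_list_enable NO)
    list=${3:-$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=no
    if is_yes "$use_list" && [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$all"; then
        # chroot_local_user=YES: the list names users who are NOT jailed.
        [ "$listed" = yes ] && echo not-jailed || echo jailed
    else
        # chroot_local_user=NO: only listed users are jailed.
        [ "$listed" = yes ] && echo jailed || echo not-jailed
    fi
}

# Constructed sample config and list file, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'anonymous_enable=NO\nlocal_enable=YES\n' > "$d/vsftpd.conf"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' >> "$d/vsftpd.conf"
    printf 'localusername\n' > "$d/chroot_list"
    echo "localusername: $(jail_status "$d/vsftpd.conf" localusername "$d/chroot_list")"
    echo "otheruser: $(jail_status "$d/vsftpd.conf" otheruser "$d/chroot_list")"
    rm -rf "$d"
}
demo
```

On a live server, call jail_status with /etc/vsftpd.conf and the account name; the list file path is then read from the config.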

The following changes the log location from /var/log/xferlog to /var/log/vsftpd.log; however, it gives you much more useful information. To enable verbose logging, add the following:

# JGZ 3/2/2015 – verbose logging

# JGZ 3/2/2015 – enable verbose logging

To restrict the ftp user's command set, add the following. This will not allow the ftp user to delete files or directories:

# JGZ 3/2/2015 – deny delete and rm

To restrict FTP access to a set of IP addresses (CentOS 7), use TCP wrappers:

# vi /etc/vsftpd/vsftpd.conf


Restart vsftpd:

# systemctl restart vsftpd

Deny all access:

# vi /etc/hosts.deny

vsftpd: ALL

Create exceptions:

# vi /etc/hosts.allow

vsftpd:aaa.bbb.ccc.ddd www.xxx.yyy.zzz