
The Geek Diary


CentOS / RHEL : How to allow or deny Users to login to VSFTP Server

By admin

After the VSFTPD service is installed and started, two files are created in the /etc/vsftpd/ directory: "ftpusers" and "user_list". These files are used to allow or deny login attempts. The behavior of ftpusers and user_list is configured in the vsftpd.conf file with the userlist_deny option. The vsftpd.conf file also lets you add a third, custom file:

userlist_file=/etc/vsftpd/[custom_file]

The chart below specifies file behavior when using the custom file in addition to the two default files.

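| userlist_deny setting | ftpusers             | user_list            | custom_file          |
|-----------------------|----------------------|----------------------|----------------------|
| userlist_deny=NO      | deny before password | deny before password | allow                |
| userlist_deny=YES     | deny after password  | allow                | deny before password |
| no setting            | deny after password  | deny after password  | deny before password |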

Let's look at a few examples of allowing and denying users to log in to the VSFTP server.

Allow all of the VSFTP Server local users to login

1. Make sure the files /etc/vsftpd/ftpusers and /etc/vsftpd/user_list do not include the users to whom you want to allow VSFTP login access.

# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
# cat /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

2. Verify that you do not have the userlist_deny parameter included in the file /etc/vsftpd/vsftpd.conf.

# cat /etc/vsftpd/vsftpd.conf  | grep userlist_deny
#

3. Verify with one of the users.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Allow a few of the VSFTP Server local users to login

1. Starting from the default VSFTP configuration, set the "userlist_deny" option to "NO" (add it if it is not present) in the VSFTP server configuration file /etc/vsftpd/vsftpd.conf:

# vi /etc/vsftpd/vsftpd.conf
userlist_deny=NO

2. Edit the file /etc/vsftpd/user_list so that it lists the allowed local users. Here, users user01 and user02 are added.

# cat /etc/vsftpd/user_list
user01
user02

3. Restart the vsftpd service on the VSFTP server.

[root@vsftpsrv ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

4. Test with one of the allowed users. User user01 is able to log in.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user01
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

5. Test with a user who is not listed in /etc/vsftpd/user_list. Here, user "user03" is NOT included in the user_list file and is refused before the password prompt.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user03
530 Permission denied.
Login failed.
ftp>
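
The following script is an added example, not part of the original article: it predicts the list-based login decision for a user from the same files the steps above edit, so a change can be checked before restarting the service. The function names are hypothetical, and it also reads userlist_enable, a vsftpd option the article does not show (the user list is consulted only when it is YES); the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original article): predict how vsftpd's
# list files treat a login. Assumes plain YES/NO values and no spaces
# around '=', as vsftpd.conf requires.

# Print the last active value of option $1 in config $2, else default $3.
conf_get() {
    v=$(sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Succeed if user $1 is a whole line of list file $2 (comment lines skipped).
in_list() {
    [ -r "$2" ] && grep -v '^#' "$2" | grep -qxF -- "$1"
}

# vsftpd_verdict USER [VSFTPD_CONF] [FTPUSERS_FILE]
vsftpd_verdict() {
    user=$1
    conf=${2:-/etc/vsftpd/vsftpd.conf}
    ftpusers=${3:-/etc/vsftpd/ftpusers}
    enable=$(conf_get userlist_enable "$conf" NO)    # not shown on the page
    deny=$(conf_get userlist_deny "$conf" YES)
    list=$(conf_get userlist_file "$conf" /etc/vsftpd/user_list)
    if [ "$enable" = YES ]; then
        # The user list is consulted before the password prompt.
        if [ "$deny" = YES ] && in_list "$user" "$list"; then
            echo deny-before-password; return 0
        fi
        if [ "$deny" = NO ] && ! in_list "$user" "$list"; then
            echo deny-before-password; return 0
        fi
    fi
    # ftpusers is enforced by PAM, i.e. only after the password is sent.
    if in_list "$user" "$ftpusers"; then
        echo deny-after-password; return 0
    fi
    echo allow
}

# Constructed sample: the article's "allow only user01 and user02" setup.
demo=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\nuserlist_file=%s\n' \
    "$demo/user_list" > "$demo/vsftpd.conf"
printf 'user01\nuser02\n' > "$demo/user_list"
printf '# Users that are not allowed to login via ftp\nbin\ndaemon\n' > "$demo/ftpusers"
for u in user01 user03 bin; do
    echo "$u: $(vsftpd_verdict "$u" "$demo/vsftpd.conf" "$demo/ftpusers")"
done
```

On a real server, call vsftpd_verdict with only the user name to evaluate the files under /etc/vsftpd/.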

Filed Under: CentOS/RHEL 7, Linux

© 2021 · The Geek Diary