How to allow or deny Users to login to VSFTP Server on CentOS / RHEL?

After the vsftpd service is installed and started, two files are created in the /etc/vsftpd/ directory: “ftpusers” and “user_list”. These files are used to allow or deny login attempts. The behavior of ftpusers and user_list is configured in the vsftpd.conf file with the userlist_deny option. The vsftpd.conf file also offers the option of adding a third, custom file:

userlist_file=/etc/vsftpd/[custom_file]

 

The chart below specifies file behavior when using the custom file in addition to the two default files.

userlist_deny setting   ftpusers               user_list              custom_file
userlist_deny=NO        deny before password   deny before password   allow
userlist_deny=YES       deny after password    allow                  deny before password
no setting              deny after password    deny after password    deny before password

 

Let's look at a few examples of allowing and denying user logins to the VSFTP server.

 

Allow all of the VSFTP Server local users to login

 

1. Make sure the files /etc/vsftpd/ftpusers and /etc/vsftpd/user_list do not include the users to whom you want to allow VSFTP login access.


# cat /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

 

2. Verify that you do not have the userlist_deny parameter included in the file /etc/vsftpd/vsftpd.conf.

# cat /etc/vsftpd/vsftpd.conf  | grep userlist_deny
#

 

3. Verify with one of the users.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

 

Allow only a few of the VSFTP Server local users to login

 

1. Starting from the default VSFTP configuration, set the “userlist_deny” option to “NO” (add the line if it is not present) in the VSFTP Server configuration file /etc/vsftpd/vsftpd.conf:

# vi /etc/vsftpd/vsftpd.conf
userlist_deny=NO

 

2. Edit the file /etc/vsftpd/user_list so that it lists the allowed local users. Here, users user01 and user02 are added.

# cat /etc/vsftpd/user_list
user01
user02

 

3. Restart the vsftpd service on the VSFTP Server.

[root@vsftpsrv ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

 

4. Test with one of the allowed users. User user01 is able to log in.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user01
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

 

5. Test with a user who is not listed in /etc/vsftpd/user_list. Here the check uses “user03”, which is NOT included in the user_list file.

# ftp vsftpsrv
Connected to vsftpsrv (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): user03
530 Permission denied.
Login failed.
ftp>
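
The checks walked through above can be predicted from the files before anyone tries to log in. The script below is an added example, not part of the original article or of vsftpd: it applies the rules quoted in the user_list header (allow-list when userlist_deny=NO, deny-list otherwise, ftpusers enforced by PAM after the password). The function names, the temporary directory and the sample file contents are constructed for illustration, and it assumes userlist_enable=YES is what activates the list, as described in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: predicts how vsftpd treats a login name, using the rules
# quoted in the user_list header shown earlier. Sample files are constructed.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() (
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
)

# in_list FILE USER: true if USER is an exact whole-line entry (comments skipped).
in_list() {
    [ -r "$1" ] && grep -v '^#' "$1" | grep -qxF -- "$2"
}

# login_verdict CONF FTPUSERS USER
# Prints deny-before-password, deny-after-password or allow.
login_verdict() (
    conf=$1 ftpusers=$2 user=$3
    enable=$(conf_get "$conf" userlist_enable NO)  # assumption: values are YES/NO
    deny=$(conf_get "$conf" userlist_deny YES)     # YES is the default
    list=$(conf_get "$conf" userlist_file /etc/vsftpd/user_list)
    if [ "$enable" = YES ]; then
        if [ "$deny" = NO ]; then
            # Allow-list mode: a name missing from the file is refused up front.
            in_list "$list" "$user" || { echo deny-before-password; exit 0; }
        else
            # Deny-list mode: a name present in the file is refused up front.
            in_list "$list" "$user" && { echo deny-before-password; exit 0; }
        fi
    fi
    # ftpusers is enforced by the PAM config, so it applies after the password.
    if in_list "$ftpusers" "$user"; then echo deny-after-password; else echo allow; fi
)

# Constructed sample mirroring the "allow only a few users" steps above.
demo=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\nuserlist_file=%s/user_list\n' \
    "$demo" > "$demo/vsftpd.conf"
printf '# vsftpd userlist\nuser01\nuser02\n' > "$demo/user_list"
printf 'root\nuser02\n' > "$demo/ftpusers"
for u in user01 user02 user03; do
    printf '%s: %s\n' "$u" "$(login_verdict "$demo/vsftpd.conf" "$demo/ftpusers" "$u")"
done
```

A verdict of "allow" only means the name passed both list checks; the password is still verified afterwards. In the sample, user02 is on the allow-list but also in ftpusers, which is why it is still refused after the password prompt.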

 
