I've installed VSFTPD on a LEMP stack on Ubuntu 14.04. The only significant changes made to vsftpd.conf are:
anonymous_enable=no
local_enable=yes
write_enable=yes
chroot_local_user=yes
allow_writeable_chroot=yes
VSFTPD should block root access by default. I've checked the /etc/ftpusers file and root is listed within the file to deny access; however, I am able to ftp into the server using the root account. When I do, I'm taken into, and jailed to, the /root folder.
How can I disable root login via ftp?
Contents of /etc/pam.d/vsftp:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.
# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so
Adding
userlist_enable=yes
userlist_deny=yes
userlist_file=/etc/vsftp.user_list
did deny root access – but only if there is only one line in the userlist file. If I add multiple users (one per line) then it breaks and allows root login.
If root is not being read from the /etc/ftpusers file then I'm assuming other users such as mail, daemon, man, nobody etc. aren't being read either? (Hence why I tried to add them to the userlist file)
Best Answer
Make sure the following is in your vsftpd.conf
Then make sure root is in
Restart vsftp and it should deny root login.
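The two deny paths discussed on this page (the pam_listfile rule pointing at /etc/ftpusers, and vsftpd's own userlist file) can be checked together. The following is an added example, not part of the question or the answer; the function names and file contents are constructed. It assumes vsftpd's documented defaults (pam_service_name=ftp, userlist_deny=YES) and that a user name only matches when it is the whole line, so stray whitespace or a carriage return is reported.

```python
def parse_conf(text):
    """vsftpd.conf lines are strict KEY=VALUE; '#' starts a comment line."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k: v for k, v in pairs}

def enabled(conf, key, default):
    return conf.get(key, default).upper() in ("YES", "TRUE", "1")

def pam_deny_files(pam_text):
    """Paths named by 'auth <control> pam_listfile.so item=user sense=deny file=...'."""
    found = []
    for parts in (l.split() for l in pam_text.splitlines()):
        if len(parts) > 3 and parts[0] == "auth" and parts[2] == "pam_listfile.so":
            args = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
            if args.get("item") == "user" and args.get("sense") == "deny":
                found.append(args.get("file"))
    return found

def audit(user, conf_text, files):
    """files: path -> content. Returns (user_is_denied, findings)."""
    conf, findings, denied = parse_conf(conf_text), [], False
    # The PAM rules only apply if the service name resolves to the file holding them.
    service = "/etc/pam.d/" + conf.get("pam_service_name", "ftp")
    sources = pam_deny_files(files.get(service, ""))
    if service not in files:
        findings.append(f"{service} not found; no pam_listfile rule read from it")
    if enabled(conf, "userlist_enable", "NO") and enabled(conf, "userlist_deny", "YES"):
        sources.append(conf.get("userlist_file", "/etc/vsftpd.user_list"))
    for path in sources:
        lines = files.get(path, "").split("\n")
        denied = denied or user in lines  # assumption: exact whole-line match
        stray = [l for l in lines if l != l.strip()]
        if stray:
            findings.append(f"{path}: {len(stray)} line(s) with stray whitespace or CR")
    return denied, findings

# Constructed sample input (not taken from a real host).
PAM = "auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed\n"
FILES = {"/etc/pam.d/vsftpd": PAM, "/etc/ftpusers": "root\nmail\n",
         "/etc/vsftp.user_list": "root\r\nmail\r\n"}
CONF = "pam_service_name=vsftpd\nuserlist_enable=yes\nuserlist_file=/etc/vsftp.user_list\n"

if __name__ == "__main__":
    print(audit("root", CONF, FILES))
```

On a real host, fill `files` by reading the PAM service file and each list file in binary-safe text mode (`open(path, newline="")`) so carriage returns are preserved.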