LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-02-2010, 07:42 AM   #1
meandsushil
Member
 
Registered: Feb 2010
Posts: 143

Rep: Reputation: 14
Unhappy userlist_enable in vsftpd.conf


hi,

i am having problem with

"/etc/vsftpd/vsftpd.conf"

the rule in file(/etc/vsftpd/user_list) says that if "userlist_enable=NO" is set in vsftpd.conf then only users which are listed in
"/etc/vsftpd/user_list" are allowed
to login or see content with ls

but i have three users a1 a2 a3 but even though a1 is listed in /etc/vsftpd/user_list file with "userlist_enable=NO" is set in vsftpd.conf ; even a2 a3 allowed to login and see content with ls cmd,
plz tell me what's the problem.
 
Old 06-02-2010, 08:04 AM   #2
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
I think your understanding is incorrect.

As far as I'm aware, if your set userlist_enable=YES; then vsftpd will DENY access to any users in your userlist_file.

The fact that you have userlist_enable=NO means that vsftpd isn't even looking at your userlist file.
 
Old 06-02-2010, 06:28 PM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,960

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by meandsushil View Post
hi,

i am having problem with

"/etc/vsftpd/vsftpd.conf"

the rule in file(/etc/vsftpd/user_list) says that if "userlist_enable=NO" is set in vsftpd.conf then only users which are listed in
"/etc/vsftpd/user_list" are allowed
to login or see content with ls

but i have three users a1 a2 a3 but even though a1 is listed in /etc/vsftpd/user_list file with "userlist_enable=NO" is set in vsftpd.conf ; even a2 a3 allowed to login and see content with ls cmd,
plz tell me what's the problem.
Again, as in other posts..SPELL OUT YOUR WORDS. And the problem appears to be that you're (again), not reading the documentation. Did you try to read the man page for vsftpd.conf? From the man page:
Quote:
userlist_enable
If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file. If a user tries to log in using a name in this file, they will be denied before they are asked for a password. This may be useful in preventing cleartext passwords being transmitted. See also userlist_deny.
Default: NO
userlist_deny
This option is examined if userlist_enable is activated. If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file. When login is denied, the denial is issued before the user is asked for a password.
Default: YES
Since you say you did NOT set userlist_enable to be YES, the option isn't being examined. So set userlist_enable to be YES, and userlist_deny to be NO. Restart VSFTPD.
 
1 members found this post helpful.
Old 06-03-2010, 01:12 AM   #4
meandsushil
Member
 
Registered: Feb 2010
Posts: 143

Original Poster
Rep: Reputation: 14
Unhappy

Thanks! I could solved the problem after entering
"userlist_deny=NO"
I thought it's there in vsftpd.conf file only and we just need to enter YES or NO .

BUT

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
a4
a3
a2
root
-----------
BUT WHEN MADE BOTH userlist_deny=YES and userlist_enable=YES

and added few users in userlist
file but it still asking them a password though ls(any command) is not working there.
WHAT'S THE REASON?
 
Old 06-03-2010, 05:08 AM   #5
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
Please read this: http://www.redhat.com/docs/en-US/Red...opt-login.html

Basically these 2 options (userlist_deny and userlist_enable) work in conjunction with each other.

Thus if you're setting userlist_deny=YES and userlist_enable=YES, it means that:

1. All users will be denied access, unless they are found in the userlist_file

2. What you're saying about it asking for a password makes no sense - it should not do that. Users should get an immediate permission denied.
 
Old 06-03-2010, 08:58 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,960

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by meandsushil View Post
Thanks! I could solved the problem after entering
"userlist_deny=NO"
I thought it's there in vsftpd.conf file only and we just need to enter YES or NO .

BUT WHEN MADE BOTH userlist_deny=YES and userlist_enable=YES

and added few users in userlist file but it still asking them a password though ls(any command) is not working there.
WHAT'S THE REASON?
The reason is you're STILL not paying attention to what people are posting, or reading the instructions. Did you read my previous post, and the man page on vsftpd.conf????

From my last post:
Quote:
So set userlist_enable to be YES, and userlist_deny to be NO. Restart VSFTPD.
Can't get much more clear and simple than that. You're setting BOTH to yes, and you're wondering why things aren't working????
 
Old 01-22-2014, 07:58 AM   #7
aureli
LQ Newbie
 
Registered: Jan 2014
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
The reason is you're STILL not paying attention to what people are posting, or reading the instructions. Did you read my previous post, and the man page on vsftpd.conf????

From my last post:

Can't get much more clear and simple than that. You're setting BOTH to yes, and you're wondering why things aren't working????


Hi,

Take care about FTP users need to have a shell account on the system, instead of a nologin shell (case of vsftpd).

ALERT: Providing all users with a shell may not be ideal for some environments, such as a shared web host. Then for allow users with a shell (like /usr/bin/bash) access to FTP, but have no shell access, edit /etc/shells adding the shell (bash). This is necessary because, by default vsftpd uses PAM for authentication; the shells PAM module restricts access to shells listed in the /etc/shells file
 
Old 01-22-2014, 09:54 AM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,960

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by aureli View Post
Hi,
Take care about FTP users need to have a shell account on the system, instead of a nologin shell (case of vsftpd).

ALERT: Providing all users with a shell may not be ideal for some environments, such as a shared web host. Then for allow users with a shell (like /usr/bin/bash) access to FTP, but have no shell access, edit /etc/shells adding the shell (bash). This is necessary because, by default vsftpd uses PAM for authentication; the shells PAM module restricts access to shells listed in the /etc/shells file
Good advice...but this thread has been closed for FOUR YEARS.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd.conf question SteveInTallyFL Linux - Server 1 12-03-2009 01:33 PM
vsftpd.conf/chroot/vsftpd.chroot_list issue Jerman Linux - Security 2 06-01-2007 08:24 PM
vsftpd won't read vsftpd.conf m2azer Linux - Software 9 04-21-2006 04:25 PM
VSFTPD.conf Malkaven Linux - Networking 7 03-09-2006 03:01 AM
vsftpd.user_list and userlist_enable not working. johniccp Linux - Security 5 11-06-2003 04:57 PM


All times are GMT -5. The time now is 12:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration