Old 01-11-2013, 04:48 PM   #1
tinksmartbstupi
vsftpd is not denying the users in userlist_file


Hey guys,

I'm setting up a webserver and hardening some things. I'm trying to use vsftpd for sftp and I'm having a bit of a problem. I am eventually trying to move towards virtual users and chroot to special directories, but first I'm just trying to deny a whole bunch of usernames from being used for login.

In my config file I have:

userlist_enable=YES
userlist_Deny=YES
userlist_file="/etc/vsftpd/denied_users"

I have verified that the username I'm trying to use (let's say user1) is in the /etc/vsftpd/denied_users file, but when I connect via sftp it still lets me log in with user1.

I'm using a centos 6.3 vps from godaddy, and I don't have "getenforce" or "setsebool" on the system, not sure if that matters?

What can I do to get vsftpd to deny users in my denied_users list?
 
Old 01-11-2013, 06:00 PM   #2
Kustom42
Your config is correct except for case.

Change uppercase D to lowercase:

Code:
userlist_deny=YES
I feel for you having to deal with GoDaddy support, I was an admin for them for a few years before the support went downhill. It's hard to get answers from them but this should do the trick. If not we may need to look at your /etc/vsftpd.user_list and see if that is causing a conflict or maybe another directive in your vsftpd.conf
 
Old 01-14-2013, 07:44 AM   #3
tinksmartbstupi
Original Poster
Sorry that was a typo, the config file actually has a lower case in it. Below is the full config with comments removed:

/etc/vsftpd/vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
data_connection_timeout=60
nopriv_user=ftpsecure
async_abor_enable=NO
ascii_upload_enable=NO
ascii_download_enable=NO
ftpd_banner="welcome"
chroot_local_user=YES
listen=YES
listen_ipv6=NO

pam_service_name=vsftp
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES

anon_world_readable_only=NO
guest_enable=NO
guest_username=ftpsecure
hide_ids=YES
max_clients=100
max_per_ip=4
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
anon_umask=0027
dirlist_enable=NO
download_enable=NO
userlist_file="/etc/vsftpd/denied_users"

ssl_enable=YES
allow_anon_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

--------------------------------------------
 
Old 01-14-2013, 08:56 AM   #4
TB0ne
Quote:
Originally Posted by tinksmartbstupi
Hey guys,
I'm setting up a webserver and hardening some things. I'm trying to use vsftpd for sftp and I'm having a bit of a problem. I am eventually trying to move towards virtual users and chroot to special directories, but first I'm just trying to deny a whole bunch of usernames from being used for login.
I have verified that the username I'm trying to use (let's say user1) is in the /etc/vsftpd/denied_users file, but when I connect via sftp it still lets me log in with user1.

I'm using a centos 6.3 vps from godaddy, and I don't have "getenforce" or "setsebool" on the system, not sure if that matters?
What you're doing won't work. Vsftpd is a secure FTP server...sftp uses the SSH protocol. Different port, different service. Changing one doesn't change the other.

There's a good thread on this site that covers SFTP on CentOS, and should have enough to get you going. Covers chroot'ing, and makes references to only allowing users in that are members of a specific group, which would solve your other issue as well:
http://www.linuxquestions.org/questi...il-4175427300/
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
 
1 members found this post helpful.
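
The sshd-side equivalent of the deny list and chroot discussed in this thread, as an added example that is not from any poster or from the linked guides. The group name `sftponly` and the `/sftp/%u` path are assumptions; `user1` is the sample name used in the question.

```conf
# /etc/ssh/sshd_config  (added example; group name and chroot path are assumptions)
#
# sftp sessions are handled by sshd, so vsftpd.conf settings such as
# userlist_enable, userlist_deny and userlist_file are never consulted for them.

# In-process SFTP server: a chroot then needs no binaries or libraries inside it.
# Replace the existing "Subsystem sftp ..." line rather than adding a second one.
Subsystem sftp internal-sftp

# Deny list for SSH and SFTP logins (the role userlist_deny=YES plays for FTP).
# Several names may be listed, separated by spaces.
DenyUsers user1

# Members of the hypothetical "sftponly" group get SFTP only, jailed to their own tree.
# The ChrootDirectory and every parent directory must be owned by root and
# not writable by group or others, or sshd refuses the session.
Match Group sftponly
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
```

Run `sshd -t` to validate the file before restarting the daemon, and keep an existing SSH session open while testing so a mistake does not lock you out.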
Old 01-28-2013, 07:01 AM   #5
tinksmartbstupi
Original Poster
I realized that about 5 minutes before I saw your response. After following those links I have it all setup and working.

Thanks!
 