LinuxQuestions.org

meandsushil 06-02-2010 06:42 AM

userlist_enable in vsftpd.conf
 
Hi,

I am having a problem with "/etc/vsftpd/vsftpd.conf".

The rule in the file (/etc/vsftpd/user_list) says that if "userlist_enable=NO" is set in vsftpd.conf, then only users which are listed in "/etc/vsftpd/user_list" are allowed to log in or see content with ls.

But I have three users, a1, a2 and a3, and even though a1 is listed in the /etc/vsftpd/user_list file with "userlist_enable=NO" set in vsftpd.conf, even a2 and a3 are allowed to log in and see content with the ls command.
Please tell me what the problem is.

alli_yas 06-02-2010 07:04 AM

I think your understanding is incorrect.

As far as I'm aware, if you set userlist_enable=YES, then vsftpd will DENY access to any users in your userlist_file.

The fact that you have userlist_enable=NO means that vsftpd isn't even looking at your userlist file.

TB0ne 06-02-2010 05:28 PM

Quote:

Originally Posted by meandsushil (Post 3989891)
Hi,

I am having a problem with "/etc/vsftpd/vsftpd.conf".

The rule in the file (/etc/vsftpd/user_list) says that if "userlist_enable=NO" is set in vsftpd.conf, then only users which are listed in "/etc/vsftpd/user_list" are allowed to log in or see content with ls.

But I have three users, a1, a2 and a3, and even though a1 is listed in the /etc/vsftpd/user_list file with "userlist_enable=NO" set in vsftpd.conf, even a2 and a3 are allowed to log in and see content with the ls command.
Please tell me what the problem is.

Again, as in other posts..SPELL OUT YOUR WORDS. And the problem appears to be that you're (again), not reading the documentation. Did you try to read the man page for vsftpd.conf? From the man page:
Quote:

userlist_enable
If enabled, vsftpd will load a list of usernames, from the filename given by userlist_file. If a user tries to log in using a name in this file, they will be denied before they are asked for a password. This may be useful in preventing cleartext passwords being transmitted. See also userlist_deny.
Default: NO

userlist_deny
This option is examined if userlist_enable is activated. If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file. When login is denied, the denial is issued before the user is asked for a password.
Default: YES

Since you say you did NOT set userlist_enable to be YES, the option isn't being examined. So set userlist_enable to be YES, and userlist_deny to be NO. Restart VSFTPD.
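
Added example (not part of the original thread, and not vsftpd's own code): a small Python model of the pre-password decision described in the man page text quoted above, covering the userlist_enable/userlist_deny combinations discussed in this thread. The function names and the sample files are constructed for illustration, and only YES/NO values are handled.

```python
# Added illustration: models only the userlist_* pre-password check.
DEFAULTS = {"userlist_enable": False, "userlist_deny": True}  # man page defaults

def parse_options(conf_text):
    """Read userlist_enable / userlist_deny from vsftpd.conf text.
    Assumption: only YES/NO values are handled; a later line overrides an earlier one."""
    opts = dict(DEFAULTS)
    for line in conf_text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().upper()
        if key in opts and value in ("YES", "NO"):
            opts[key] = (value == "YES")
    return opts

def parse_userlist(list_text):
    """One username per line; blank lines and # comments are skipped."""
    names = set()
    for line in list_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line)
    return names

def pre_password_decision(conf_text, list_text, user):
    """Return 'deny' (refused before the password prompt) or 'prompt'
    (login continues to normal password authentication)."""
    opts = parse_options(conf_text)
    if not opts["userlist_enable"]:
        return "prompt"  # userlist_file is not consulted at all
    listed = user in parse_userlist(list_text)
    if opts["userlist_deny"]:
        return "deny" if listed else "prompt"   # file acts as a deny list
    return "prompt" if listed else "deny"       # file acts as an allow list

# Constructed sample input, using the user names from this thread.
SAMPLE_LIST = "# vsftpd userlist\na1\n"

if __name__ == "__main__":
    for conf in ("userlist_enable=NO\n",
                 "userlist_enable=YES\nuserlist_deny=NO\n",
                 "userlist_enable=YES\nuserlist_deny=YES\n"):
        for user in ("a1", "a2"):
            print(repr(conf), user, pre_password_decision(conf, SAMPLE_LIST, user))
```

A result of 'prompt' only means the user list did not refuse the login; password authentication and the PAM /etc/vsftpd/ftpusers check mentioned in the user_list comments still apply afterwards.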

meandsushil 06-03-2010 12:12 AM

Thanks! I could solve the problem after entering
"userlist_deny=NO"
I thought it was there in the vsftpd.conf file only and we just need to enter YES or NO.

BUT

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
a4
a3
a2
root
-----------
BUT WHEN I MADE BOTH userlist_deny=YES and userlist_enable=YES

and added a few users in the userlist
file, it is still asking them for a password, though ls (or any command) is not working there.
WHAT'S THE REASON?

alli_yas 06-03-2010 04:08 AM

Please read this: http://www.redhat.com/docs/en-US/Red...opt-login.html

Basically these 2 options (userlist_deny and userlist_enable) work in conjunction with each other.

Thus if you're setting userlist_deny=YES and userlist_enable=YES, it means that:

1. All users will be denied access, unless they are found in the userlist_file

2. What you're saying about it asking for a password makes no sense - it should not do that. Users should get an immediate permission denied.

TB0ne 06-03-2010 07:58 AM

Quote:

Originally Posted by meandsushil (Post 3990867)
Thanks! I could solve the problem after entering
"userlist_deny=NO"
I thought it was there in the vsftpd.conf file only and we just need to enter YES or NO.

BUT WHEN I MADE BOTH userlist_deny=YES and userlist_enable=YES

and added a few users in the userlist file, it is still asking them for a password, though ls (or any command) is not working there.
WHAT'S THE REASON?

The reason is you're STILL not paying attention to what people are posting, or reading the instructions. Did you read my previous post, and the man page on vsftpd.conf????

From my last post:
Quote:

So set userlist_enable to be YES, and userlist_deny to be NO. Restart VSFTPD.

Can't get much more clear and simple than that. You're setting BOTH to yes, and you're wondering why things aren't working????

aureli 01-22-2014 06:58 AM

Quote:

Originally Posted by TB0ne (Post 3991239)
The reason is you're STILL not paying attention to what people are posting, or reading the instructions. Did you read my previous post, and the man page on vsftpd.conf????

From my last post:

Can't get much more clear and simple than that. You're setting BOTH to yes, and you're wondering why things aren't working????



Hi,

Take care: FTP users need to have a shell account on the system, instead of a nologin shell (in the case of vsftpd).

ALERT: Providing all users with a shell may not be ideal for some environments, such as a shared web host. Then, to allow users with a shell (like /usr/bin/bash) access to FTP, but with no shell access, edit /etc/shells, adding the shell (bash). This is necessary because, by default, vsftpd uses PAM for authentication; the shells PAM module restricts access to shells listed in the /etc/shells file.

TB0ne 01-22-2014 08:54 AM

Quote:

Originally Posted by aureli (Post 5102837)
Hi,
Take care: FTP users need to have a shell account on the system, instead of a nologin shell (in the case of vsftpd).

ALERT: Providing all users with a shell may not be ideal for some environments, such as a shared web host. Then, to allow users with a shell (like /usr/bin/bash) access to FTP, but with no shell access, edit /etc/shells, adding the shell (bash). This is necessary because, by default, vsftpd uses PAM for authentication; the shells PAM module restricts access to shells listed in the /etc/shells file.

Good advice...but this thread has been closed for FOUR YEARS.

