how to prevent root from being able to vsftpd
I believe I have set up my conf file and user_list file correctly, but for some reason I am still able to connect to sftp using my root account after I restart vsftpd.
Here are the uncommented lines from /etc/vsftpd/vsftpd.conf
Code:
anonymous_enable=YES
Here is my /etc/vsftpd/user_list file
Code:
# vsftpd userlist
What am I doing wrong?

You rely on the userlist to deny certain users. So if the file cannot be found, no users are denied. Can you include userlist_file=/etc/path/to/userlist explicitly in the vsftp.conf. And also userlist_deny=yes. Make sure the userlist file is readable for the vsftp process.
Furthermore, check your log files. Try to increase the logging verbosity level.
jlinkels

Quote:
I did not, however, check the log files. I'll do that. I'll check in with what I find.

There should be a file /etc/vsftpd/ftpusers
Add root in the list to prevent log in and restart vsftpd.

@OP
Quote:
It's based on ssh, so you have to disable ssh login for root, if you don't want root to be able to sftp. See the PermitRootLogin in /etc/ssh/sshd_config for details.
Regards

Darn, bathory might be right. So this is not the place to change that. Although vsftp has almost the same name as sftp, they are completely different and independent.
You should edit /etc/ssh/sshd_config and set PermitRootLogin=no and optionally set AllowedUsers for the users that you want to have access. Because sftp runs over ssh, all related services, ssh, sftp, scp, rsync rely on the settings in the sshd_config. I am not sure sftp allows for more fine-grained control. So that sftp can deny root while ssh allows. I don't think so.
jlinkels

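The distinction the thread arrives at, as an added example that is not part of any post: a small Python audit that answers "is root refused over FTP?" from the vsftpd files and, separately, "what does sshd say about root?" from sshd_config, since only the latter affects SFTP. The config texts are constructed samples (not the poster's files), and the function names are hypothetical.

```python
# Added example: constructed sample configs, not the poster's real files.
VSFTPD_CONF = "anonymous_enable=YES\nlocal_enable=YES\nuserlist_enable=YES\n"
USER_LIST = "# vsftpd userlist\nroot\nbin\n"
SSHD_CONFIG = """\
# PermitRootLogin no     <- commented out, so not in effect
PermitRootLogin yes
Subsystem sftp internal-sftp
"""

def parse_vsftpd(text):
    """vsftpd.conf is strict key=value per line; a later setting overrides an earlier one."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def ftp_denied_by_userlist(conf_text, userlist_text, user="root"):
    """True if vsftpd's userlist mechanism refuses `user` (FTP only, never SFTP)."""
    opts = parse_vsftpd(conf_text)
    if opts.get("userlist_enable", "NO").upper() != "YES":
        return False  # default is NO: the list file is ignored entirely
    names = {l.strip() for l in userlist_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")}
    deny_mode = opts.get("userlist_deny", "YES").upper() == "YES"
    # deny mode: listed users are refused; allow mode: unlisted users are refused
    return (user in names) if deny_mode else (user not in names)

def sshd_permit_root_login(config_text):
    """First PermitRootLogin before any Match block wins; None = compiled-in default."""
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].replace("=", " ").split()
        if not words:
            continue
        if words[0].lower() == "match":
            break  # settings inside Match blocks are conditional; stop at the global part
        if words[0].lower() == "permitrootlogin" and len(words) > 1:
            return words[1].lower()
    return None

if __name__ == "__main__":
    print("FTP (vsftpd) refuses root:", ftp_denied_by_userlist(VSFTPD_CONF, USER_LIST))
    print("sshd PermitRootLogin     :", sshd_permit_root_login(SSHD_CONFIG))
```

With the sample files, vsftpd refuses root while sshd still permits it, which matches the symptom in the first post. On a live host, `sshd -T` prints the effective sshd settings, including Match-independent defaults this sketch does not resolve.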