I believe I have set up my conf file and user_list file correctly, but for some reason I am still able to connect to sftp using my root account after I restart vsftpd.
Here are the uncommented lines from /etc/vsftpd/vsftpd.conf
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
You rely on the userlist to deny certain users. So if the file cannot be found, no users are denied. Can you include userlist_file=/etc/path/to/userlist explicitly in the vsftp.conf? And also userlist_deny=yes. Make sure the userlist file is readable for the vsftp process.
Furthermore, check your log files. Try to increase the logging verbosity level.
jlinkels
Thanks man ... I tried that too with no success.
I did not, however, check the log files. I'll do that. I'll check in with what I find.
Mind that sftp is different from ftp/ftps that vsftpd provides.
It's based on ssh, so you have to disable ssh login for root if you don't want root to be able to sftp. See the PermitRootLogin in /etc/ssh/sshd_config for details.
Darn, bathory might be right. So this is not the place to change that. Although vsftp has almost the same name as sftp, they are completely different and independent.
You should edit /etc/ssh/sshd_config and set PermitRootLogin=no and optionally set AllowedUsers for the users that you want to have access.
Because sftp runs over ssh, all related services (ssh, sftp, scp, rsync) rely on the settings in the sshd_config.
I am not sure sftp allows for more fine-grained control, so that sftp can deny root while ssh allows. I don't think so.
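As an added example (not code from the thread or from either project), this offline check reports the two independent controls the replies above distinguish: whether vsftpd's userlist refuses a user for FTP, and what sshd's global PermitRootLogin resolves to for ssh/sftp/scp. The file contents are constructed samples and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). All sample files below are constructed.

# Global PermitRootLogin as sshd would resolve it: the first value read wins,
# keywords are case-insensitive, and scanning stops at the first Match block.
# Include directives are not followed. Unset means "prohibit-password".
sshd_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == "permitrootlogin" { v = tolower(f[2]); exit }
        END { print (v == "" ? "prohibit-password" : v) }
    ' "$1"
}

# Value of a vsftpd.conf option (name=value), or the given default if unset.
# Assumption: when an option is repeated, the last line is the one used.
vsftpd_opt() {   # conf name default
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}" | tr a-z A-Z
}

# Exit 0 if the userlist refuses USER. userlist_enable defaults to NO, so a
# populated list file blocks nobody until that option is switched on.
vsftpd_userlist_denies() {   # conf list user
    [ "$(vsftpd_opt "$1" userlist_enable NO)" = YES ] || return 1
    if grep -qxF -- "$3" "$2"; then listed=1; else listed=0; fi
    if [ "$(vsftpd_opt "$1" userlist_deny YES)" = YES ]; then
        [ "$listed" -eq 1 ]     # deny mode: listed users are refused
    else
        [ "$listed" -eq 0 ]     # allow mode: unlisted users are refused
    fi
}

# Constructed demo files, removed on exit.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf 'root\nbin\ndaemon\n' > "$d/user_list"
printf 'listen=YES\nuserlist_deny=YES\n' > "$d/vsftpd.conf"
printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/sshd_config"
if vsftpd_userlist_denies "$d/vsftpd.conf" "$d/user_list" root
then echo "vsftpd userlist: root refused"
else echo "vsftpd userlist: root NOT refused"
fi
echo "sshd (ssh/sftp/scp): PermitRootLogin $(sshd_root_login "$d/sshd_config")"
```

On a live host, `sshd -T` (run as root) prints the effective sshd configuration and follows Include files, which this example does not.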