Happy new year, folks,
Assume there's two lines in /etc/vsftpd/vsftpd.conf
Code:
userlist_enable=YES
userlist_deny=NO
I know that "userlist_enable=YES" command points to a list of disabled users in /etc/vsftpd.user_list. and when I read "/etc/vsftpd.user_list", which begins with following comments:
Code:
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
Hmm, I'm confused by the previous two lines, if I add "phillip" account to "/etc/vsftpd.user_list", it is possible to use "phillip" to login ftp with relative password. however, "userlist_enable=YES" command points to a list of DISABLED users in /etc/vsftpd.user_list, this restriction seems to not take effection.
What's the order for "userlist_enable" and "userlist_deny" restrictions? is it just querying as tcpwrapper(host.allow, host deny, and no match=access granted)?
Thanks in advance.
Phillip