Hi all. Just 'upgraded' vsftpd to use sftp, and disabled ftp access to my linode. Had vsftpd dissallowing root access for obvious security reasons, but this was inconvenient in transferring files to the server that need root access, etc. So, now that I am using sftp, I'd like to go back to using the root user.
My vsftpd.conf is as follows:
Code:
#
# User Level (anonymous vs. local):
anonymous_enable=NO
local_enable=YES
#
# FTP Access Rights:
local_umask=022
write_enable=YES
#
# Logging:
xferlog_enable=YES
xferlog_std_format=NO
vsftpd_log_file=/logs/vsftpd.log
#
# Connection Rules:
connect_from_port_20=YES
idle_session_timeout=600
data_connection_timeout=600
#
# FTP Settings:
nopriv_user=nobody
ls_recurse_enable=YES
force_dot_files=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/vsftpd.user_list
#
# SSL Settings:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
The PAM file has the following:
Code:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
# Note: vsftpd handles anonymous logins on its own. Do not enable
# pam_ftp.so.
# Standard blurb.
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so
This looks correct, as it denies access to users in the /etc/vsftpd/ftpusers file, and I have removed root from that file.
The userlist_file above has both root and my safe 'ftpuser' account in it.
After removing root from ftpusers, I am still not able to login (get access denied). 'ftpuser' is still able to log in through sftp. Any ideas why root is still being denied?
Thanks,
Paul
FAQ
Search
Members
Register
Login [ Anonymous ]
