vsftpd

vsftpd

用户 / 权限配置

/etc/vsftpd/vsftpd.conf

local_enable=YES  
pam_service_name=vsftpd
userlist_enable=YES

/etc/pam.d/vsftpd

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

/etc/vsftpd/user_list (vsftpd 默认读取的 user_list 路径)

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

/etc/vsftpd/ftpusers

bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

vsftpd 默认的 pam 配置(/etc/pam.d/vsftpd.conf) 里的auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed 会拒绝所有 /etc/vsftpd/ftpusers 文件里用户登录。


Last update: 2020-11-17 12:50:52 UTC