System Administration Guide: Network Services

ProcedureHow to Disallow FTP Server Access to Particular Users

The /etc/ftpd/ftpusers file lists names of users who are not allowed to log in to the FTP server. When login is attempted, the FTP server checks the /etc/ftpd/ftpusers file to determine whether the user should be denied access. If the user's name is not found in that file, the server then searches the /etc/ftpusers file.

If the user's name is matched in /etc/ftpusers, a syslogd message is written with a statement that the match was found in a deprecated file. The message also recommends the use of /etc/ftpd/ftpusers instead of /etc/ftpusers.

Note –

Support for the /etc/ftpusers file has been deprecated in this release. If the /etc/ftpusers file exists when the FTP server is installed, the file is moved to /etc/ftpd/ftpusers.

For additional information, see syslogd(1M), in.ftpd(1M), and ftpusers(4)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Add entries to the /etc/ftpd/ftpusers file for users who are not allowed to log in to the FTP server.

Example 28–4 How to Disallow FTP Server Access


The previous example lists the typical entries in the ftpusers file. User names match entries in the /etc/passwd. The list generally includes the root and other administrative and system application identities.

The root entry is included in the ftpusers file as a security measure. The default security policy is to disallow remote logins for root. The policy is also followed for the default value that is set as the CONSOLE entry in the /etc/default/loginfile. See login(1).