How to Disallow FTP Server Access to Particular Users
The /etc/ftpd/ftpusers file lists names of users who are not allowed to log in to the FTP server. When login is attempted, the FTP server checks the /etc/ftpd/ftpusers file to determine whether the user should be denied access. If the user's name is not found in that file, the server then searches the /etc/ftpusers file.
If the user's name is matched in /etc/ftpusers, a syslogd message is written with a statement that the match was found in a deprecated file. The message also recommends the use of /etc/ftpd/ftpusers instead of /etc/ftpusers.
Note –
Support for the /etc/ftpusers file has been deprecated in this release. If the /etc/ftpusers file exists when the FTP server is installed, the file is moved to /etc/ftpd/ftpusers.
For additional information, see syslogd(1M), in.ftpd(1M), and ftpusers(4)
-
Become superuser.
-
Add entries to the /etc/ftpd/ftpusers file for users who are not allowed to log in to the FTP server.
Example—How to Disallow FTP Server Access
root daemon bin sys adm lp uccp nuucp listen nobody noaccess nobody4 |
The previous example lists the typical entries in the ftpusers file. User names match entries in the /etc/passwd. The list generally includes the superuser root and other administrative and system application identities.
The root entry is included in the ftpusers file as a security measure. The default security policy is to disallow remote logins for root. The policy is also followed for the default value that is set as the CONSOLE entry in the /etc/default/loginfile. See login(1).
- © 2010, Oracle Corporation and/or its affiliates