VSFTPD user Rights Management and locking root directory

Source: Internet
Author: User

User Rights Management

User categories:

All of the following user types are mapped to system users, and user authentication is based on PAM.

Anonymous user: logs in as anonymous. This user's root directory is /var/ftp and is forcibly locked to it.

Virtual user:

System user: a user that exists on the system; its root directory is /home/username.


PAM-based authentication uses the following files:

/etc/pam.d/*
/lib/security/*
/lib64/security/*



User control configuration files:

/etc/vsftpd/ftpusers: PAM authentication blacklist; users listed in this file are forbidden to log in to FTP.

/etc/vsftpd/user_list: FTP user list. If userlist_deny=YES, users listed in this file are forbidden to log in to FTP; if userlist_deny=NO, only the users listed in this file are allowed to log in.

PAM authentication file:

/etc/pam.d/vsftpd: specifies /etc/vsftpd/ftpusers as the deny file checked during authentication (via pam_listfile).

vsftpd provides the ftpusers and user_list files to restrict which users are authorized to log in to FTP. In addition, because user authentication is based on PAM, the vsftpd PAM configuration applies its own restrictions to users.


The following are the contents of each file:


[email protected] vsftpd]# cat ftpusers
# Users that are not allowed to login via FTP
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody


[email protected] vsftpd]# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody


[email protected] vsftpd]# cat /etc/pam.d/vsftpd
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth


Locking the root directory (chroot):

By default, after a user logs in to FTP, the user's own home directory becomes the FTP root directory.

If the user is not chrooted (locked into that root directory), the logged-in user can use the cd command to change to directories outside the root directory, which creates a security risk.


The relevant options in the configuration file are as follows:

chroot_list_enable=YES                     whether the chroot list file is enabled

chroot_list_file=/etc/vsftpd/chroot_list   specifies the chroot list file; users listed in it are chrooted

chroot_local_user=YES                      whether all local (system) users are chrooted into their home directory


For example:

chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

or

chroot_local_user=YES
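The following is an added example, not code from the original article or from vsftpd itself. It models the access checks described above (user_list with userlist_deny, ftpusers via pam_listfile, then the chroot options) so an administrator can predict, for a given local user, whether the login is denied and whether it lands in a chroot. The file contents are constructed samples; pam_shells is not modelled.

```python
# Added example (not from the original article): evaluates vsftpd's login and
# chroot policy for a local user from the control files the article describes.
# The file contents below are constructed samples, not copied from a real host.
FTPUSERS = "# Users that are not allowed to login via FTP\nroot\nbin\nnobody\n"
USER_LIST = "# vsftpd userlist\nroot\nbin\nalice\n"
CHROOT_LIST = "bob\n"
CONF = "userlist_enable=YES\nuserlist_deny=YES\nchroot_local_user=NO\nchroot_list_enable=YES\n"

def parse_list(text):
    """One user name per line; blank lines and '#' comments are ignored."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def parse_conf(text):
    """key=value lines of vsftpd.conf; keys lower-cased, values kept as written."""
    conf = {}
    for ln in text.splitlines():
        ln = ln.strip()
        if ln and not ln.startswith("#") and "=" in ln:
            key, _, value = ln.partition("=")
            conf[key.strip().lower()] = value.strip()
    return conf

def is_yes(conf, key, default):
    return conf.get(key, default).upper() == "YES"

def evaluate(user, conf, ftpusers, user_list, chroot_list):
    """Return (decision, reason, chrooted) for a local user. Order mirrors the
    article: user_list is consulted before the password prompt, ftpusers is
    enforced by pam_listfile during PAM auth, chroot applies once allowed."""
    if is_yes(conf, "userlist_enable", "NO"):
        listed = user in user_list
        deny_mode = is_yes(conf, "userlist_deny", "YES")
        if deny_mode and listed:
            return "deny", "listed in user_list (userlist_deny=YES)", False
        if not deny_mode and not listed:
            return "deny", "not listed in user_list (userlist_deny=NO)", False
    if user in ftpusers:
        return "deny", "listed in ftpusers (pam_listfile sense=deny)", False
    chrooted = is_yes(conf, "chroot_local_user", "NO")
    if is_yes(conf, "chroot_list_enable", "NO"):
        # chroot_local_user=NO: the list names who IS chrooted;
        # chroot_local_user=YES: the list names the exceptions who are NOT.
        chrooted = (user in chroot_list) != chrooted
    return "allow", "passed user_list and ftpusers", chrooted

def check(user, conf_text=CONF):
    return evaluate(user, parse_conf(conf_text), parse_list(FTPUSERS),
                    parse_list(USER_LIST), parse_list(CHROOT_LIST))
```

Calling check("bob") with the sample files returns an allowed, chrooted login, while check("alice") is refused by user_list even though alice is not in ftpusers.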


This article is from "Small Private blog" blog, please be sure to keep this source http://ggvylf.blog.51cto.com/784661/1658701
