15.5.2. Log In Options and Access Controls
The following is a list of directives which control the login behavior and access control mechanisms.
anonymous_enable — When enabled, anonymous users are allowed to log in. The usernames ftp are accepted. The default value is YES. Refer to Section 15.5.3, “Anonymous User Options” for a list of directives affecting anonymous users.
banned_email_file — If the deny_email_enable directive is set to YES, this directive specifies the file containing a list of anonymous email passwords which are not permitted access to the server. The default value is
banner_file — Specifies the file containing text displayed when a connection is established to the server. This option overrides any text specified in the ftpd_banner directive. There is no default value for this directive.
cmds_allowed — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected. There is no default value for this directive.
deny_email_enable — When enabled, any anonymous user using an email password specified in the /etc/vsftpd.banned_emails file is denied access to the server. The name of the file referenced by this directive can be specified using the banned_email_file directive. The default value is
ftpd_banner — When enabled, the string specified within this directive is displayed when a connection is established to the server. This option can be overridden by the banner_file directive. vsftpd displays its standard banner.
local_enable — When enabled, local users are allowed to log into the system. The default value is YES. Refer to Section 15.5.4, “Local User Options” for a list of directives affecting local users.
pam_service_name — Specifies the PAM service name for vsftpd. The default value is ftp. Note, in Red Hat Enterprise Linux, the value is set to
tcp_wrappers — When enabled, TCP wrappers are used to grant access to the server. If the FTP server is configured on multiple IP addresses, the VSFTPD_LOAD_CONF option can be used to load different configuration files based on the IP address being requested by the client. For more information about TCP Wrappers, refer to Chapter 17, TCP Wrappers and xinetd. The default value is NO. Note, in Red Hat Enterprise Linux, the value is set to
userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless the username is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network. The default value is
userlist_enable — When enabled, the users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network. The default value is NO, however under Red Hat Enterprise Linux the value is set to
userlist_file — Specifies the file referenced when the userlist_enable directive is enabled. The default value is /etc/vsftpd.user_list, which is created during installation.
cmds_allowed — Specifies a comma-separated list of FTP commands that the server allows. Any other commands are rejected. There is no default value for this directive.
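
The interaction of userlist_enable, userlist_deny, anonymous_enable and local_enable described above, as an added Python example that is not part of the original guide. The function names, the sample configuration and the listed user are constructed for illustration, and the userlist_deny default of YES is an assumption taken from upstream vsftpd.conf(5) because this page does not show it.

```python
# Added example: models the userlist_* and *_enable directives described above.
# Defaults are the ones this page states; userlist_deny=YES is an assumption
# taken from upstream vsftpd.conf(5), because the page's value is missing.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "YES",
            "userlist_enable": "NO", "userlist_deny": "YES"}

def parse_conf(text):
    """Parse vsftpd.conf text (directive=value, '#' comments) over DEFAULTS."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value.upper() if value.upper() in ("YES", "NO") else value
    return conf

def userlist_mode(conf):
    """Return 'off', 'deny-list' or 'allow-list' for the user list file."""
    if conf["userlist_enable"] != "YES":
        return "off"
    return "deny-list" if conf["userlist_deny"] == "YES" else "allow-list"

def rejected_before_password(conf, user, listed):
    """True if the server refuses `user` before asking for a password."""
    mode = userlist_mode(conf)
    if mode == "deny-list":
        return user in listed
    return mode == "allow-list" and user not in listed

def audit(conf):
    """List settings that widen who may attempt a login."""
    findings = []
    if conf["anonymous_enable"] == "YES":
        findings.append("anonymous_enable=YES: anonymous logins are accepted")
    if conf["local_enable"] == "YES" and userlist_mode(conf) != "allow-list":
        findings.append("local_enable=YES without userlist_deny=NO: "
                        "any unlisted local account may send a password")
    return findings

# Constructed sample inputs (not from a real host).
HARDENED = "anonymous_enable=NO\nuserlist_enable=YES\nuserlist_deny=NO\n"
LISTED = {"alice"}  # constructed contents of the userlist_file

if __name__ == "__main__":
    for name, text in (("defaults", ""), ("hardened", HARDENED)):
        conf = parse_conf(text)
        print(name, userlist_mode(conf), audit(conf))
        print("  root rejected early:", rejected_before_password(conf, "root", LISTED))
```

With userlist_enable=YES alone the file acts as a deny-list, so an account is blocked only if someone remembered to add it; userlist_deny=NO inverts the file into an allow-list.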