21.2.2.6.2. Log In Options and Access Controls

The following is a list of directives that control the login behavior and access-control mechanisms.
  • anonymous_enable — When enabled, anonymous users are allowed to log in. The user names anonymous and ftp are accepted.
    The default value is YES.
    See Section 21.2.2.6.3, “Anonymous User Options” for a list of directives affecting anonymous users.
  • banned_email_file — If the deny_email_enable directive is set to YES, this directive specifies the file containing a list of anonymous email passwords that are not permitted access to the server.
    The default value is /etc/vsftpd/banned_emails.
  • banner_file — Specifies the file containing text displayed when a connection is established to the server. This option overrides any text specified in the ftpd_banner directive.
    There is no default value for this directive.
  • cmds_allowed — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected.
    There is no default value for this directive.
  • deny_email_enable — When enabled, any anonymous user utilizing email passwords specified in /etc/vsftpd/banned_emails are denied access to the server. The name of the file referenced by this directive can be specified using the banned_email_file directive.
    The default value is NO.
  • ftpd_banner — When enabled, the string specified within this directive is displayed when a connection is established to the server. This option can be overridden by the banner_file directive.
    By default, vsftpd displays its standard banner.
  • local_enable — When enabled, local users are allowed to log in to the system. Note that the SELinux ftp_home_dir Boolean option needs to be set for this directive to work as expected. See Section 21.2.2.4, “SELinux Policy for vsftpd” and to ftpd_selinux(8) for more information on vsftpd's interaction with the default SELinux policy.
    The default value is NO. On Red Hat Enterprise Linux 6, this option is set to YES in the configuration file.
    See Section 21.2.2.6.4, “Local-User Options” for a list of directives affecting local users.
  • pam_service_name — Specifies the PAM service name for vsftpd.
    The default value is ftp. On Red Hat Enterprise Linux 6, this option is set to vsftpd in the configuration file.
  • tcp_wrappers — When enabled, TCP wrappers are used to grant access to the server. If the FTP server is configured on multiple IP addresses, the VSFTPD_LOAD_CONF environment variable can be used to load different configuration files based on the IP address being requested by the client.
    The default value is NO. On Red Hat Enterprise Linux 6, this option is set to YES in the configuration file.
  • userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless their user name is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network.
    The default value is YES.
  • userlist_enable — When enabled, users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network.
    The default value is NO. On Red Hat Enterprise Linux 6, this option is set to YES in the configuration file.
  • userlist_file — Specifies the file referenced by vsftpd when the userlist_enable directive is enabled.
    The default value is /etc/vsftpd/user_list, which is created during installation.