15.5.2. Log In Options and Access Controls
The following is a list of directives which control the login behavior and access control mechanisms.
anonymous_enable — When enabled, anonymous users are allowed to log in. The usernames anonymous and ftp are accepted. The default value is YES. Refer to Section 15.5.3, “Anonymous User Options” for a list of directives affecting anonymous users.
banned_email_file — If the deny_email_enable directive is set to YES, this directive specifies the file containing a list of anonymous email passwords which are not permitted access to the server. The default value is /etc/vsftpd.banned_emails.
banner_file — Specifies the file containing text displayed when a connection is established to the server. This option overrides any text specified in the ftpd_banner directive. There is no default value for this directive.
cmds_allowed — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected. There is no default value for this directive.
deny_email_enable — When enabled, any anonymous user using an email password listed in the /etc/vsftpd.banned_emails file is denied access to the server. The name of the file referenced by this directive can be specified using the banned_email_file directive. The default value is NO.
ftpd_banner — When enabled, the string specified within this directive is displayed when a connection is established to the server. This option can be overridden by the banner_file directive. By default vsftpd displays its standard banner.
local_enable — When enabled, local users are allowed to log into the system. The default value is YES. Refer to Section 15.5.4, “Local User Options” for a list of directives affecting local users.
pam_service_name — Specifies the PAM service name for vsftpd. The default value is ftp. Note, in Red Hat Enterprise Linux, the value is set to vsftpd.
tcp_wrappers — When enabled, TCP wrappers are used to grant access to the server. If the FTP server is configured on multiple IP addresses, the VSFTPD_LOAD_CONF option can be used to load different configuration files based on the IP address being requested by the client. For more information about TCP Wrappers, refer to Chapter 17, TCP Wrappers and xinetd. The default value is NO. Note, in Red Hat Enterprise Linux, the value is set to YES.
userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless the username is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network. The default value is YES.
userlist_enable — When enabled, the users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network. The default value is NO; however, under Red Hat Enterprise Linux the value is set to YES.
userlist_file — Specifies the file referenced by vsftpd when the userlist_enable directive is enabled. The default value is /etc/vsftpd.user_list, and the file is created during installation.
cmds_allowed — Specifies a comma separated list of FTP commands that the server allows. Any other commands are rejected. There is no default value for this directive.
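The interaction between userlist_enable and userlist_deny described above, as an added Python example that is not part of the original guide or of vsftpd: it parses a configuration fragment and a user list and reports which usernames are refused before the password prompt. The sample configuration, the user names, the function names and the one-username-per-line file format are assumptions; the defaults are the ones this section lists.

```python
# Added example: models the userlist_enable / userlist_deny rules described above.
# Defaults are the ones this section lists, not the Red Hat Enterprise Linux values.
DEFAULTS = {"userlist_enable": "NO", "userlist_deny": "YES",
            "userlist_file": "/etc/vsftpd.user_list"}

def parse_conf(text):
    """Read option=value lines from vsftpd.conf text; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def parse_userlist(text):
    """Assumed file format: one username per line, '#' lines are comments."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def userlist_mode(conf):
    """Return 'off', 'deny-list' or 'allow-list' for the parsed configuration."""
    if conf["userlist_enable"].upper() != "YES":
        return "off"
    return "deny-list" if conf["userlist_deny"].upper() == "YES" else "allow-list"

def rejected_before_password(conf, listed, username):
    """True if the login is refused before the client is asked for a password."""
    mode = userlist_mode(conf)
    if mode == "deny-list":
        return username in listed
    if mode == "allow-list":
        return username not in listed
    return False  # file not consulted; the user goes on to the password prompt

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONF = """\
# constructed vsftpd.conf fragment
userlist_enable=YES
userlist_deny=NO
"""
SAMPLE_USERLIST = "# constructed user list\nalice\nbackup\n"

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    listed = parse_userlist(SAMPLE_USERLIST)
    for user in ("alice", "root", "mallory"):
        print(user, userlist_mode(conf), rejected_before_password(conf, listed, user))
```

Note that userlist_deny=NO has no effect unless userlist_enable is also YES: with the defaults listed here the file is not consulted at all.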