5.6.3. User Accounts
Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
To disable user accounts in
vsftpd
, add the following directive to /etc/vsftpd/vsftpd.conf
:
local_enable=NO
5.6.3.1. Restricting User Accounts
The easiest way to disable a specific group of accounts, such as the root user and those with
sudo
privileges, from accessing an FTP server is to use a PAM list file as described in Section 4.4.1, “Allowing Root Access”. The PAM configuration file for vsftpd
is /etc/pam.d/vsftpd
.
It is also possible to disable user accounts within each service directly.
To disable specific user accounts in
vsftpd
, add the username to /etc/vsftpd.ftpusers
.