2.2.6.3. User Accounts
Because FTP transmits unencrypted user names and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
To disable all user accounts in
vsftpd
, add the following directive to /etc/vsftpd/vsftpd.conf
:
local_enable=NO
2.2.6.3.1. Restricting User Accounts
To disable FTP access for specific accounts or specific groups of accounts, such as the root user and those with
sudo
privileges, the easiest way is to use a PAM list file as described in Section 2.1.9.2, “Disallowing Root Access”. The PAM configuration file for vsftpd
is /etc/pam.d/vsftpd
.
It is also possible to disable user accounts within each service directly.
To disable specific user accounts in
vsftpd
, add the user name to /etc/vsftpd/ftpusers