I've installed VSFTPD on a LEMP stack on Ubuntu 14.04. The only significant changes made to vsftpd.conf are:
anonymous_enable=no
local_enable=yes
write_enable=yes
chroot_local_user=yes
allow_writeable_chroot=yes
VSFTPD should block root access by default. I've checked the /etc/ftpusers file and root is listed within the file to deny access; however, I am able to ftp into the server using the root account. When I do, I'm taken into, and jailed to, the /root folder.
How can I disable root login via ftp?
Contents of /etc/pam.d/vsftp:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.
# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so
Adding
userlist_enable=yes
userlist_deny=yes
userlist_file=/etc/vsftp.user_list
did deny root access - but only if there is only one line in the userlist file. If I add multiple users (one per line) then it breaks and allows root login.
If root is not being read from the /etc/ftpusers file then I'm assuming other users such as mail, daemon, man, nobody etc. aren't being read either? (Hence why I tried to add them to the userlist file)
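A way to audit the two deny lists described in the question, as an added example that is not part of the original post: it evaluates the `userlist_enable` / `userlist_deny` options against a list file and flags any line that is not a bare username. The function names, the username pattern, the sample file contents and the premise that a list entry only counts when the whole line equals the username are assumptions made for this sketch.

```python
import re

TRUTHY = {"YES", "TRUE", "1"}
NAME = re.compile(r"[a-z_][a-z0-9_-]*")  # assumed shape of a local account name

def parse_conf(text):
    """Read option=value lines as in vsftpd.conf; comments and blanks are skipped."""
    opts = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit_list(text):
    """Split a one-name-per-line file into clean names and suspicious lines."""
    names, problems = set(), []
    for lineno, raw in enumerate(text.split("\n"), 1):
        if raw == "" or raw.startswith("#"):
            continue
        if NAME.fullmatch(raw):
            names.add(raw)
        else:  # stray CR, spaces, several names on one line, ...
            problems.append((lineno, raw))
    return names, problems

def check_user(conf_text, userlist_text, ftpusers_text, user="root"):
    """Report which of the two deny mechanisms would match `user`."""
    opts = parse_conf(conf_text)
    enabled = opts.get("userlist_enable", "NO").upper() in TRUTHY
    deny = opts.get("userlist_deny", "YES").upper() in TRUTHY
    ul_names, ul_problems = audit_list(userlist_text)
    fu_names, fu_problems = audit_list(ftpusers_text)
    # userlist_deny=YES: listed users are refused; =NO: only listed users get in.
    blocked = enabled and ((user in ul_names) == deny)
    return {"userlist_blocks": blocked, "ftpusers_lists": user in fu_names,
            "userlist_problems": ul_problems, "ftpusers_problems": fu_problems}

# Constructed sample input: the options from the question plus two list files.
CONF = "userlist_enable=yes\nuserlist_deny=yes\nuserlist_file=/etc/vsftp.user_list\n"
FTPUSERS = "# /etc/ftpusers\nroot\ndaemon\nmail\n"
USERLIST_CRLF = "root\r\nmail\r\ndaemon\r\n"   # saved with Windows line endings
USERLIST_LF = "root\nmail\ndaemon\n"

if __name__ == "__main__":
    for label, ul in (("CRLF", USERLIST_CRLF), ("LF", USERLIST_LF)):
        print(label, check_user(CONF, ul, FTPUSERS))
```

On a real host, pass the contents of vsftpd.conf, the file named by `userlist_file`, and /etc/ftpusers in place of the constructed strings.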