Mailinglist Archive: opensuse (3729 mails)
| < Previous | Next > |
Re: [SLE] disconnecting users from VSFTP
- From: Christopher Mahmood <ckm@xxxxxxxx>
- Date: Sat, 31 May 2003 18:48:39 -0700
- Message-id: <20030601014839.GA12833@xxxxxxxxxxxxxxxxxx>
* Rikard Johnels (rjhn@xxxxxxxx) [030531 15:02]:
> Is there a way to block specific users from my vsftp server?
If they aren't anonymous users then sure, see the the
chroot_list_enable section of vsftpd.conf(5). If they are anonymous
then there's not a whole lot you can do.
> Sometimes i find users uploading stuff that are outside the agreement, and i
> want to be able to DISCONNECT them as they are trying to.
> I tried blocking them inthe firewall by adding a DROP rule to the specific IP
> But the transfer stayed up.
Perhaps you blocked the control connection and not the data
connection?
> proftpd had nice features to view connected users and drop them at will.
> But as far as i can see vsftp hasnt got those. :(
No, it doesn't. Lack of feature creep is one of the reasons vsftpd
doesn't have the miserable security history that proftpd has. It's
a pretty straightforward shell script to write a utility like that,
especially if these are not anonymous users.
--
-ckm
> Is there a way to block specific users from my vsftp server?
If they aren't anonymous users then sure, see the the
chroot_list_enable section of vsftpd.conf(5). If they are anonymous
then there's not a whole lot you can do.
> Sometimes i find users uploading stuff that are outside the agreement, and i
> want to be able to DISCONNECT them as they are trying to.
> I tried blocking them inthe firewall by adding a DROP rule to the specific IP
> But the transfer stayed up.
Perhaps you blocked the control connection and not the data
connection?
> proftpd had nice features to view connected users and drop them at will.
> But as far as i can see vsftp hasnt got those. :(
No, it doesn't. Lack of feature creep is one of the reasons vsftpd
doesn't have the miserable security history that proftpd has. It's
a pretty straightforward shell script to write a utility like that,
especially if these are not anonymous users.
--
-ckm
| < Previous | Next > |