Linux server-ftp blacklist

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Blacklist and whitelist of users

A Linux host usually has several user accounts, and some of them should not be able to log in over FTP. The FTP server reads a list of users from the file "/etc/vsftpd/user_list". Whether that list acts as a blacklist or a whitelist depends on the parameter "userlist_deny" in the configuration file.

1. Blacklist

1) In the configuration file "/etc/vsftpd/vsftpd.conf", make sure the parameter "userlist_enable" is set to YES.

[root@localhost wj]# gedit /etc/vsftpd/vsftpd.conf // open the configuration file

userlist_enable=YES

2) Open the configuration file "/etc/vsftpd/vsftpd.conf" and add the line "userlist_deny=YES" at the end. Setting this parameter to YES makes the user list a blacklist.

[root@localhost wj]# lftp david:543092@192.168.0.113:8765 // user david login, password is 543092

userlist_deny=YES

3) Edit the file "/etc/vsftpd/user_list" and append the user name to be blacklisted at the end (david in this example).

[root@localhost ~]# gedit /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
david

4) Restart the service and test whether the blacklisted users can still log in. None of the users listed above can access the FTP server.

[root@localhost wj]# service vsftpd restart // restart the service
Close vsftpd: [failed]
Start vsftpd for vsftpd: [OK]

[root@localhost wj]# lftp weijie:123456@192.168.0.113:8765 // user weijie logs in and can access the server
lftp weijie@192.168.0.113:~> ls
-rwxrwxrwx 1 0 2375494044 Aug 14 07:13 1.zip
lftp weijie@192.168.0.113:~> bye

[root@localhost wj]# lftp 192.168.0.113:8765 // anonymous users can also log in
lftp 192.168.0.113:~> ls
drwxr-xr-x 2 0 0 4096 Aug 14 06:38 pub
lftp 192.168.0.113:/>

[root@localhost wj]# lftp david:543092@192.168.0.113:8765 // user david is blacklisted, so access is refused and the ls command fails
lftp david@192.168.0.113:~> ls
[0] ls &
`ls' at 0 [delay before reconnection: 28]
lftp david@192.168.0.113:~>

2. Whitelist

1) In the configuration file "/etc/vsftpd/vsftpd.conf", make sure the parameter "userlist_enable" is set to YES.

[root@localhost wj]# gedit /etc/vsftpd/vsftpd.conf // open the configuration file

userlist_enable=YES

2) Open the configuration file "/etc/vsftpd/vsftpd.conf" and add the line "userlist_deny=NO" at the end. Setting this parameter to NO makes the user list a whitelist.

[root@localhost wj]# lftp david:543092@192.168.0.113:8765 // user david login, password is 543092

userlist_deny=NO

3) Edit the file "/etc/vsftpd/user_list" and append the user name to be whitelisted at the end (david in this example).

[root@localhost ~]# gedit /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
david

4) Restart the service and test whether access is now limited to the whitelist. With userlist_deny=NO, only users listed in the file are allowed; everyone else, including anonymous users, is refused.

[root@localhost wj]# service vsftpd restart // restart the service
Close vsftpd: [failed]
Start vsftpd for vsftpd: [OK]

[root@localhost wj]# lftp david:543092@192.168.0.113:8765 // user david logs in and can access the server
lftp david@192.168.0.113:~> ls
-rwxrwxrwx 1 0 2375494044 Aug 14 07:13 1.zip
lftp david@192.168.0.113:~> bye

[root@localhost wj]# lftp weijie:123456@192.168.0.113:8765 // user weijie is not on the whitelist, so access is refused and the ls command fails
lftp weijie@192.168.0.113:~> ls
[0] ls &
`ls' at 0 [delay before reconnection: 28]
lftp weijie@192.168.0.113:~> bye

[root@localhost wj]# lftp 192.168.0.113:8765 // anonymous users are not allowed
lftp 192.168.0.113:~> ls
[0] ls &
`ls' at 0 [delay before reconnection: 28]
lftp 192.168.0.113:~>
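
The blacklist and whitelist behaviour shown in both sections can be checked offline before restarting the service. The script below is an added example, not part of the original article or of vsftpd: it reads "userlist_enable" and "userlist_deny" from a configuration file and reports whether a given user name passes the user-list check. The function names and the sample files it writes are constructed for illustration, and accepting YES/TRUE/1 in any case as "yes" is an assumption about how the values are parsed.

```shell
#!/bin/sh
# Added example: evaluate the vsftpd user-list decision for one user name.
# Covers only the user_list check; PAM's /etc/vsftpd/ftpusers is separate.

# conf_get FILE KEY DEFAULT -> value of the last "KEY=value" line, upper-cased.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    echo "${v:-$3}"
}

# Assumption: YES, TRUE and 1 all count as "yes".
is_yes() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

# userlist_mode CONF -> off | blacklist | whitelist
userlist_mode() {
    if ! is_yes "$(conf_get "$1" userlist_enable NO)"; then echo off
    elif is_yes "$(conf_get "$1" userlist_deny YES)"; then echo blacklist
    else echo whitelist
    fi
}

# userlist_verdict CONF LIST USER -> allow | deny
userlist_verdict() {
    mode=$(userlist_mode "$1")
    # Exact, case-sensitive match on whole lines; '#' comment lines are skipped.
    if grep -v '^#' "$2" | grep -qxF -- "$3"; then listed=1; else listed=0; fi
    case "$mode:$listed" in
        blacklist:1|whitelist:0) echo deny ;;
        *) echo allow ;;
    esac
}

# make_sample DIR DENY: write constructed sample files (not real system files).
make_sample() {
    printf 'anonymous_enable=YES\nuserlist_enable=YES\nuserlist_deny=%s\n' "$2" > "$1/vsftpd.conf"
    printf '# vsftpd userlist\nroot\nbin\ndavid\n' > "$1/user_list"
}

demo() {
    d=$(mktemp -d) || return 1
    for deny in YES NO; do
        make_sample "$d" "$deny"
        for u in david weijie anonymous; do
            echo "userlist_deny=$deny $u: $(userlist_verdict "$d/vsftpd.conf" "$d/user_list" "$u")"
        done
    done
    rm -rf "$d"
}
demo
```

In whitelist mode the system accounts left in the list (root, bin and so on) pass this check too; as the file's own comment notes, the default PAM configuration separately denies users named in /etc/vsftpd/ftpusers.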
