Tuesday, August 18, 2009

Vsftpd Disable Linux FTP User Account

SkyHi @ Tuesday, August 18, 2009
Task: Disable Linux FTP User Account

If you have VSFTPD ftp server or other FTP server add user to /etc/ftpusers or /etc/vsftpd/ftpusers (VSFTPD) file.
# echo tom >> /etc/ftpuser
# echo tom >> /etc/vsftpd/ftpusers
Any user name added to /etc/ftpusers or /etc/vsftpd/ftpusers will prevent them from logging into FTP. However, this will still allow user to login via email (webmail or pop3 / IMAP) and download emails without shell access.

My users will only be checking mail, and I want to disable FTP access as well as shell access under CentOS Linux. How do I disable shell (SSH) and FTP access to a new or old user under Linux without deleting user account?

You can easily disable shell, ssh and FTP access to a user using following commands:

1. chsh command : It used to change your login shell.
2. /sbin/nologin: Displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled.

Task: Disable Linux User Shell Account

Type the following command to disable shell access for tom:
# chsh -s /sbin/nologin {username}
# chsh -s /sbin/nologin tom
Sample Outputs:

Changing shell for tom
Shell changed.


1. -s /sbin/nologin: Politely refuse a login
2. tom : The user name you wish to deny shell access to.