SUSE: FTP login error: Refused user root for service vsftpd

Time: 2022-06-01 17:01:08
Problem description:
On SUSE Linux, the root user fails to log in to the server over FTP: pam_listfile(vsftpd:auth): Refused user root for service vsftpd

On machine db2b (192.168.187.139):
db2b:~ # ftp 192.168.187.138 
Wrapper for lftp to simulate compatibility with lukemftp
Name (root): root
Password:                        <-- confirmed that the correct password was entered
lftp root@192.168.187.138:~> ls
---- Connecting to 192.168.187.138 (192.168.187.138) port 21
<--- 220 (vsFTPd 3.0.2)
ls: Login failed: 530 Login incorrect.       

Checking the status on machine db2a (192.168.187.138), the FTP service is indeed active:
db2a:~ # service vsftpd status
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-02-01 17:00:01 CST; 16h ago
 Main PID: 17368 (vsftpd)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/vsftpd.service
           └─17368 /usr/sbin/vsftpd /etc/vsftpd.conf

Feb 01 17:00:01 db2a systemd[1]: Started Vsftpd ftp daemon.
Feb 01 17:06:39 db2a vsftpd[18011]: CONNECT: Client "::ffff:192.168.187.139"
Feb 01 17:06:39 db2a vsftpd[18010]: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Feb 01 17:06:41 db2a vsftpd[18010]: [root] FAIL LOGIN: Client "::ffff:192.168.187.139"
Feb 01 17:06:50 db2a vsftpd[18016]: CONNECT: Client "::ffff:192.168.187.139"
Feb 01 17:06:50 db2a vsftpd[18015]: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Feb 01 17:06:53 db2a vsftpd[18015]: [root] FAIL LOGIN: Client "::ffff:192.168.187.139"
Feb 01 17:07:17 db2a vsftpd[18053]: CONNECT: Client "::ffff:192.168.187.139"
Feb 01 17:07:17 db2a vsftpd[18052]: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Feb 01 17:07:18 db2a vsftpd[18052]: [root] FAIL LOGIN: Client "::ffff:192.168.187.139"

==============

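Cause:
Two configuration files decide whether a user may log in over FTP: ftpusers and user_list. First, no user listed in ftpusers can log in over FTP. Second, whether the users in user_list can log in is decided by the userlist_deny parameter: with userlist_deny=YES, users in user_list cannot log in; with userlist_deny=NO, users in user_list can log in over FTP.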

In my environment, root is in the ftpusers list, which is why the error is reported:
db2a:~ # cat /etc/ftpusers 
#
# ftpusers      This file describes the names of the users that may
#               _*NOT*_ log into the system via the FTP server.
#                This usually includes "root", "uucp", "news" and the
#                like, because those users have too much power to be
#                allowed to do "just" FTP...
#
adabas
amanda
..
root
...

db2a:~ # ls /etc/*ftp*
/etc/ftpusers  /etc/lftp.conf  /etc/vsftpd.conf

Solution:
Delete root from /etc/ftpusers or comment it out, then restart the FTP service: service vsftpd restart
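
The list checks described under the cause above, written as a shell function that reports which list blocks a login name. This is an added example, not code from the original post. It goes beyond the post by also reading the vsftpd option userlist_enable (default NO) and by treating user_list as an allow list when userlist_deny=NO. The file paths and the user name db2inst1 are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): report whether vsftpd's user
# lists block a login name. "ALLOWED" covers the list checks only, not the
# password. File paths are parameters; the sample data below is constructed.

# True if FILE lists USER on its own line ('#' comments and whitespace ignored).
listed_in() {  # listed_in USER FILE
    [ -r "$2" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" | grep -qxF -- "$1"
}

# Print a YES/NO option from vsftpd.conf, or DEFAULT when it is not set.
conf_opt() {  # conf_opt FILE KEY DEFAULT
    local v
    v=$(sed -n "s/^$2=\([A-Za-z]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${v:-$3}" | tr '[:lower:]' '[:upper:]'
}

ftp_list_verdict() {  # ftp_list_verdict USER FTPUSERS USER_LIST VSFTPD_CONF
    local user=$1 ftpusers=$2 userlist=$3 conf=$4
    # 1. ftpusers is a pure deny list (the pam_listfile refusal in the log).
    if listed_in "$user" "$ftpusers"; then
        echo "REFUSED: listed in ftpusers"; return
    fi
    # 2. user_list only matters when userlist_enable=YES (vsftpd default: NO).
    if [ "$(conf_opt "$conf" userlist_enable NO)" != YES ]; then
        echo "ALLOWED: not in ftpusers, user_list not enabled"; return
    fi
    # 3. userlist_deny (default YES) makes user_list a deny list; NO makes it
    #    an allow list, so users missing from it are refused.
    if [ "$(conf_opt "$conf" userlist_deny YES)" = YES ]; then
        if listed_in "$user" "$userlist"; then echo "REFUSED: listed in user_list (userlist_deny=YES)"
        else echo "ALLOWED: not in ftpusers or user_list"; fi
    else
        if listed_in "$user" "$userlist"; then echo "ALLOWED: listed in user_list (userlist_deny=NO)"
        else echo "REFUSED: not listed in user_list (userlist_deny=NO)"; fi
    fi
}

# Constructed sample data reproducing the situation on db2a.
demo_dir=$(mktemp -d)
printf '# deny list\nadabas\namanda\nroot\n' > "$demo_dir/ftpusers"
printf 'db2inst1\n' > "$demo_dir/user_list"
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$demo_dir/vsftpd.conf"
ftp_list_verdict root "$demo_dir/ftpusers" "$demo_dir/user_list" "$demo_dir/vsftpd.conf"
rm -rf "$demo_dir"
```

On a real host, pass the paths that the PAM configuration and vsftpd.conf actually reference.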