12.5.2. Log In Options and Access Controls

The following is a list of directives which control the login behavior and access control mechanisms.

anonymous_enable — When enabled, anonymous users are allowed to log in. The usernames anonymous and ftp are accepted.
The default value is YES.
Refer to Section 12.5.3, “Anonymous User Options” for a list of directives affecting anonymous users.
banned_email_file — If the deny_email_enable directive is set to YES, this directive specifies the file containing a list of anonymous email passwords which are not permitted access to the server.
The default value is /etc/vsftpd.banned_emails.
banner_file — Specifies the file containing text displayed when a connection is established to the server. This option overrides any text specified in the ftpd_banner directive.
There is no default value for this directive.
cmds_allowed — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected.
There is no default value for this directive.
deny_email_enable — When enabled, any anonymous user utilizing email passwords specified in the /etc/vsftpd.banned_emails are denied access to the server. The name of the file referenced by this directive can be specified using the banned_email_file directive.
The default value is NO.
ftpd_banner — When enabled, the string specified within this directive is displayed when a connection is established to the server. This option can be overridden by the banner_file directive.
By default vsftpd displays its standard banner.
local_enable — When enabled, local users are allowed to log into the system.
The default value is YES.
Refer to Section 12.5.4, “Local User Options” for a list of directives affecting local users.
pam_service_name — Specifies the PAM service name for vsftpd.
The default value is ftp. Note, in Fedora, the value is set to vsftpd.
The default value is NO. Note, in Fedora, the value is set to YES.
userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless the username is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network.
The default value is YES.
userlist_enable — When enabled, the users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network.
The default value is NO, however under Fedora the value is set to YES.
userlist_file — Specifies the file referenced by vsftpd when the userlist_enable directive is enabled.
The default value is /etc/vsftpd.user_list and is created during installation.