By default, vsftpd denies FTP access to privileged users like root for security reasons. However, in certain controlled environments (e.g., labs, VMs), you might want to enable root FTP login.
Warning: Allowing root to log in via FTP is a major security risk and should never be done on a production or internet-facing server. Proceed only in isolated, secure environments.
This file lists users who are always denied FTP access, even if they have a valid shell and password. You must remove or comment out the root entry.
To edit the file, use:
nano /etc/vsftpd/ftpusersOriginal example (root is blocked):
# Users that are not allowed to login via FTP
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
Updated version:
# vsftpd userlist
# If user_list_enable=YES (default), never allow users in this file, and not even prompt for a password.
# Note that the default vsftpd checks /etc/vsftpd/ftpusers
#root
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
After making changes, restart the vsftpd service to apply them:
systemctl restart vsftpd.serviceCheck its status:
systemctl status vsftpd.serviceMake sure that the root account has a valid login shell and password. Check the /etc/passwd file:
grep root /etc/passwdExpected output:
root:x:0:0:root:/root:/bin/bash
To set (or reset) the root password:
passwd rootYou can now attempt to log in via FTP using root:
ftp 192.168.1.50Credentials:
- Username: root
- Password: [your root password]
- vsftpd.conf settings related to user access do not need modification if
local_enable=YESis already set. - For secure setups, it is recommended to:
- Use SSH/SFTP instead of FTP.
- Use virtual users with limited access if FTP is required.
- vsftpd.conf settings related to user access do not need modification if
local_enable=YESis already set. - For secure setups, it's recommended to:
- Use SSH/SFTP instead of FTP.
- Use virtual users with limited access if FTP is required.