Question
Why does the Host Access Control not work for Pure FTPD?
Answer
For Host Access Control (AKA TCPWrappers) to work for a specific service, that service needs to be linked to the libwrap.so.0 shared object/library file. To put it another way, if a given network service has been compiled against the libwrap library file, then we will say that service is a TCP-wrapped service, and consequently, we would be able to manage access to that service via these two files:
- /etc/hosts.allow
- /etc/hosts.deny
We can use the ldd command to determine whether a network service is linked to libwrap. So let's check Pure-FTPD and see if it does support TCP Wrappers:
ldd /usr/sbin/pure-ftpd | grep -i libwrap
~
As you can see above, Pure-FTPD has not been compiled against the libwrap library, so TCP-Wrappers (/etc/hosts.{allow,deny}) would not work for this service. Pro-FTPD, on the other hand, does support TCP-Wrappers:
ldd /usr/sbin/proftpd | grep -i libwrap
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fa208034000)
So, to control access to the ftpd daemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers.
You can switch to ProFTPD at WHM "Home / Service Configuration / FTP Server Selection".
You can refer to this link from our official documentation for more information on how to configure ProFTPd to utilize the Host Access Control feature:
ProFTPD Configuration for Host Access Control
Comments
0 comments
Article is closed for comments.