我想为vsftpd
几个ftp用户设置一个ftp。 我configuration了FTP来启用本地用户访问。 它工作正常。 但是,一旦我编辑用户的shell到/usr/sbin/nologin
,它将无法login到FTP,出现以下错误:
Response: 220 Welcome to the Scent Library's File Service. Command: USER marketftp Response: 331 Please specify the password. Command: PASS ****** Response: 530 Login incorrect.
这是我所做的:
所有仅限ftp的用户将拥有/srv/ftp
作为他们的主目录。目录信息是
/srv/ftp: drwxr-xr-x 3 root slftp 4.0K 2012-02-09 17:20 ftp/
所有仅限ftp的用户将在组中slftp
;
我用adduser
创build了用户,并以/etc/passwd
marketftp:x:1001:1001::/srv/ftp:/usr/sbin/nologin
而这在/etc/group
: slftp:x:1001:marketftp
vsftpd
configuration如下,将用户限制在他们自己的家中,除了vsftpd.chroot_list
本地用户:
chroot_local_user=YES chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list
我的问题在哪里? 由于FTP可以由普通的本地用户login,所以连接没问题。 但为什么不能用ftp用户login?
从这里采取
Q)帮助! 本地用户无法login。
A) There are various possible problems. A1) By default, vsftpd disables any logins other than anonymous logins. Put local_enable=YES in your /etc/vsftpd.conf to allow local users to log in. A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to find out whether this has happened or not). If vsftpd links with PAM, then you will need to have a PAM file installed for the vsftpd service. There is a sample one for RedHat systems included in the "RedHat" directory - put it under /etc/pam.d A3) If vsftpd didn't link with PAM, then there are various possible issues. Is the user's shell in /etc/shells? If you have shadowed passwords, does your system have a "shadow.h" file in the include path? **A4) If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/vsftpd.conf.**
你是案例A4
看看vsftpd.conf中的check_shell:
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins. Default: YES
您可以将/ usr / sbin / nologin添加到/ etc / shells。 简单而简单的解决scheme
另一个是更改vsftpd.conf / PAMconfiguration。
在PAM情况下注释掉这个“auth …”行:
$ grep shells /etc/pam.d/vsftpd auth required pam_shells.so
他们没有WRITE访问他们自己的家庭文件夹。
(其RWX RX RX ,所有者根 ,组slftp )
这通常足以阻止FTP工作。
我把/usr/sbin/nologin
放在/etc/shells
和vsftpd中工作正常。