Feb 21, 2012

Linux/Ubuntu :: pure-ftpd does not allow login to user with /usr/sbin/nologin shell

Expectations:
You have created a user with /usr/sbin/nologin shell (ftp-only user) in Linux/Ubuntu.
If you SSH to the box with this username and password it should not work.
If you FTP to the box with this username and password it should work.

Symptoms:
Pure-ftpd does not permit login if the shell is set to /bin/false or /usr/sbin/nologin.
If you change the shell to /bin/bash it works.


Connected to localhost.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 17:53. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:root): ftponly
331 User ftponly OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.

Solution:
Pure-ftpd only accepts accounts whose login shell is listed in /etc/shells, so you need to add the nologin or false shell to that file.

root@box:/# cat /etc/shells
# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/bin/false
/usr/sbin/nologin
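
The check behind this fix, as an added example that is not part of the original post: it reads a user's login shell from the passwd file and reports whether that exact path appears as a line in the shells file. The function names and the optional file arguments are hypothetical, added so the check can be run against copies of the files.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: ftp_login_check ftponly
#        ftp_login_check ftponly /path/to/passwd /path/to/shells

# shell_of USER [PASSWD_FILE]
# Prints the 7th passwd field (login shell); exit 1 if the user is absent.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 }
                       END { exit !found }' "${2:-/etc/passwd}"
}

# shell_is_listed SHELL [SHELLS_FILE]
# Exit 0 only if SHELL is a whole line in the file. An exact, fixed-string
# match means comment lines and partial paths never count as a hit.
shell_is_listed() {
    grep -Fxq -- "$1" "${2:-/etc/shells}"
}

# ftp_login_check USER [PASSWD_FILE] [SHELLS_FILE]
# Prints "listed:<shell>"  (exit 0) when the shell is in the shells file,
#        "missing:<shell>" (exit 1) when it is not, which is the state
#                          that produced the 530 above,
#        "no-such-user"    (exit 2) when the account does not exist.
ftp_login_check() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}

    sh_path=$(shell_of "$user" "$passwd_file") || {
        echo "no-such-user"
        return 2
    }
    # passwd(5): an empty shell field means /bin/sh
    [ -n "$sh_path" ] || sh_path=/bin/sh

    if shell_is_listed "$sh_path" "$shells_file"; then
        echo "listed:$sh_path"
    else
        echo "missing:$sh_path"
        return 1
    fi
}
```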



2 comments:

Anonymous said...

Thanks! Was struggling with this!

Anonymous said...

Me too!