ste*_*ang 13 linux ftp users vsftpd
我想为几个 ftp-only 用户设置一个 ftp vsftpd。我配置了 FTP 以启用本地用户访问。它工作正常。但是一旦我将用户的 shell 编辑为/usr/sbin/nologin,它就无法登录到 FTP 并出现以下错误:
Response: 220 Welcome to the Scent Library's File Service.
Command: USER marketftp
Response: 331 Please specify the password.
Command: PASS ******
Response: 530 Login incorrect.
这是我所做的:
所有 ftp-only 用户都将/srv/ftp作为他们的主目录。目录信息是
/srv/ftp: drwxr-xr-x 3 root slftp 4.0K 2012-02-09 17:20 ftp/
所有 ftp-only 用户都将在该组中slftp;
我创建了用户adduser并最终得到了这个/etc/passwd条目:marketftp:x:1001:1001::/srv/ftp:/usr/sbin/nologin
这在/etc/group:slftp:x:1001:marketftp
在vsftpd与下列配置为限制用户自己的家,除了在本地用户vsftpd.chroot_list:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
我的问题在哪里?由于普通本地用户可以登录FTP,所以连接正常。但是为什么只有 ftp 的用户不能登录?
kaj*_*aji 14
取自这里
问)帮助!本地用户无法登录。
A) There are various possible problems.
A1) By default, vsftpd disables any logins other than anonymous logins. Put
local_enable=YES in your /etc/vsftpd.conf to allow local users to log in.
A2) vsftpd tries to link with PAM. (Run "ldd vsftpd" and look for libpam to
find out whether this has happened or not). If vsftpd links with PAM, then
you will need to have a PAM file installed for the vsftpd service. There is
a sample one for RedHat systems included in the "RedHat" directory - put it
under /etc/pam.d
A3) If vsftpd didn't link with PAM, then there are various possible issues. Is
the user's shell in /etc/shells? If you have shadowed passwords, does your
system have a "shadow.h" file in the include path?
**A4) If you are not using PAM, then vsftpd will do its own check for a valid
user shell in /etc/shells. You may need to disable this if you use an invalid
shell to disable logins other than FTP logins. Put check_shell=NO in your
/etc/vsftpd.conf.**
你是案例A4
查看 man vsftpd.conf 中的 check_shell:
Note! This option only has an effect for non-PAM builds of vsftpd.
If disabled, vsftpd will not check /etc/shells for a valid user
shell for local logins.
Default: YES
您可以将 /usr/sbin/nologin 添加到 /etc/shells。简单易行的解决方案。
另一种是更改 vsftpd.conf/PAM 配置。
在 PAM 案例中注释掉这个“auth ...”行:
$ grep shells /etc/pam.d/vsftpd
auth required pam_shells.so