i'm not the authority on this, but i have two virtual users that are working and do not allow login.
in my /etc/proftpd/proftpd.conf , i have:
Code:
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
i use the tool 'ftpasswd' to manipulate those files. i use the '--shell /bin/false' option to make certain they cannot login via console or ssh.
Code:
$ ftpasswd --help | grep required
--home Home directory for the user (required).
--name Name of the user account (required). If the name does not
--shell Shell for the user (required). Recommended: /bin/false
--uid Numerical user ID (required)
--gid Numerical group ID (required).
--name Name of the group (required). If the name does not exist in
my ftpd.password file looks something like this:
Code:
$ sudo cat /etc/proftpd/ftpd.passwd
joe:$1$D3j5Zw6L$jl73TqmYgy9ObSeKSGOrZ.:1000:1000::/mnt/synology/joe:/bin/false
frank:$1$xl7eFh4J$yTeGCs6sWjRf3BxDH1PUf.:1000:1000::/mnt/synology/frank:/bin/false
Now you will see they are set to 1000:1000. i am unsure if this is ultimately proper. this relates to my personal local account user id / group id. I
THINK that more properly would be to create a system user named ftpuser with no home, no shell and assign your virtual users to it.
Code:
$ cat /etc/passwd | grep ftpuser
ftpuser:x:1001:1001::/dev/null:/bin/false
then manipulate file/folder rights with that user (chown/chmod). [??? maybe]
more info here:
http://www.proftpd.org/docs/howto/VirtualUsers.html
notice the quote "Important: proftpd will use all authentication mechanisms by default."