problems with /bin/false
I am using vsftpd 2.0.3 installed from source and recently I have this problem. Users with /bin/false can't log in. When I put /bin/bash, everything is okay. Can anyone help me? Thanks
|
Is /bin/false in /etc/shells? Most ftpds will not allow users to log in unless their shell is in /etc/shells. You can just add /bin/false to this file (I usually copy /bin/false to /bin/ftponly so I can remember what it's there for :)).
|
I believe using /bin/false is a security measure to prevent them from being able to log in. For that reason, I would not add it to /etc/shells. If your user must be able to log in, I would give them a "real" shell (e.g. bash). Or you could try adding /bin/true to /etc/shells and give them that as a default.
In my unmodified /etc/shells, /bin/false is not listed, but it is the default shell for several user IDs which should not need login access. Garry |
I tried the variant of adding /bin/false to /etc/shells, and now my users can log in on ftp chrooted with -s /bin/false, so they don't have access on ssh or telnet (shell). Whatever, I think this is an issue with vsftpd, because security is the first goal, and maybe in the next version it will be fixed. Thank you both.
|
It's not an issue, it's pretty standard behavior for an ftp server. Adding /bin/false to /etc/shells will not magically grant users with /bin/false as their shell the ability to log in (after all it's a program that does nothing, which is pretty useless for a login shell). That's why it can be used as a "shell" for people who only need ftp access. Of course, you don't necessarily want all /bin/false users to necessarily be allowed ftp, which is why I copy it to /bin/ftponly as described above.
|
Aha! Now I get your thinking.
You copy /bin/false to /bin/ftponly, then add /bin/ftponly to /etc/shells and set up the users you want to have ftp access only with /bin/ftponly. I like that idea, especially since it doesn't open up any other doors (such as allowing system users ftp access). Please excuse my thickness. :D Garry |
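Added example, not part of any post in this thread: a small audit script that shows which system accounts would pass an /etc/shells check, comparing a shells file that lists /bin/false with one that lists /bin/ftponly. It assumes the FTP daemon enforces the /etc/shells check described above; the function names, the UID cutoff of 1000 and the sample passwd and shells entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the UID cutoff are assumptions.

# listed_accounts PASSWD SHELLS
# Print "user:uid:shell" for accounts whose login shell is listed in SHELLS.
listed_accounts() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the valid-shell list, dropping comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") ok[line] = 1
            }
            close(shells)
        }
        # passwd(5): field 1 = name, 3 = UID, 7 = login shell.
        NF >= 7 && ($7 in ok) { print $1 ":" $3 ":" $7 }
    ' "$1"
}

# system_accounts_listed PASSWD SHELLS [UID_MIN]
# Same, restricted to UIDs below UID_MIN (default 1000, an assumed cutoff).
system_accounts_listed() {
    listed_accounts "$1" "$2" | awk -F: -v min="${3:-1000}" '$2 + 0 < min + 0'
}

# Constructed sample data comparing the two /etc/shells edits from the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/bin/false' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'ftpbob:x:1002:1002::/home/ftpbob:/bin/ftponly' > "$d/passwd"
    printf '%s\n' /bin/sh /bin/bash /bin/false > "$d/shells_false"
    printf '%s\n' /bin/sh /bin/bash /bin/ftponly > "$d/shells_ftponly"
    echo "with /bin/false listed:"
    system_accounts_listed "$d/passwd" "$d/shells_false"
    echo "with /bin/ftponly listed:"
    system_accounts_listed "$d/passwd" "$d/shells_ftponly"
    rm -rf "$d"
}

if [ "$#" -ge 2 ]; then system_accounts_listed "$@"; else demo; fi
```

Run it as `sh script.sh /etc/passwd /etc/shells` to audit a real host; any non-root system account in the output has a shell that the /etc/shells check would accept.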