Re: ftp nologin problem



Imran Imtiaz wrote:
I am running ProFTPD 1.2.10 on my BSD server, but the problem is that if a user doesn't have a shell and I've defined his shell as nologin, then the ftp server does not log on and gives the following error:
C:\Documents and Settings\Asif>ftp 192.168.0.3
Connected to 192.168.0.3.
220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [192.168.0.3]
User (192.168.0.3:(none)): db.backup
331 Password required for db.backup.
Password:
530 Login incorrect.
Login failed.
ftp>

Tell me how I can correct this problem, because I don't want to give the user a shell.

Yes -- in order for a user to log in successfully via FTP they need:

  * a user account
  * a valid shell (appears in /etc/shells)
  * not to be in the list of user accounts *denied* ftp access,
    confusingly kept in /etc/ftpusers

I suspect it's point 2 that you are running into here.  However, do not
just blindly add /sbin/nologin to /etc/shells -- any user account that
gets created on your system solely for the purpose of owning files or
processes will probably end up with nologin as its shell.  Putting
nologin into /etc/shells potentially creates a back door by which those
accounts can be used with FTP.

Instead, take a copy of /sbin/nologin, call it /usr/local/bin/ftp-only
and use that as the shell for all ftp users.  Add that to /etc/shells and
everything should work the way you want.

If you're trying to set up a highly secure mechanism for copying files over
the net for backup, then I'd counsel against using FTP at all -- it's one of
those archaic 'dawn of the internet' type protocols that does nasty things
like transmitting passwords over networks in plain text.  Two much better
alternatives are:

    WebDAV over HTTPS -- very easy to use from the Windows desktop via
    the 'map network location' feature.  One gotcha is that if you're
    using a self-signed cert on your webserver then you have to click
    on 'examine certificate' the first time you connect to the server,
    and then click on 'accept this certificate' or Windows will silently
    refuse to map the web location.

    rsync or scp over ssh.  On the Windows side, you'll need an SSH
    client, like PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/).
    scp is built into PuTTY, but adding rsync capability will need you to
    do a bit more work.  You'll need to install rsync (Ports: net/rsync)
    on your FreeBSD server, plus the Cygwin environment on your Windows
    machines (http://www.cygwin.com/).

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                     Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                     Kent, CT11 9PW
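
An audit of the three login conditions listed in the reply above, as an added example that is not part of the original message. It reports which accounts would pass the /etc/shells and /etc/ftpusers checks, so the effect of listing /sbin/nologin can be compared with listing a dedicated ftp-only shell. The function names, the sample accounts other than db.backup, and all file contents are constructed for illustration.

```shell
#!/bin/sh
# ftp_eligible PASSWD SHELLS FTPUSERS
# Prints the accounts that have an entry in PASSWD, whose shell is listed
# in SHELLS, and whose name is not in the FTPUSERS deny list.
ftp_eligible() {
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            # Load allowed shells and denied users; skip comments and blanks.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*(#|$)/) ok[line] = 1
            while ((getline line < deny) > 0)
                if (line !~ /^[ \t]*(#|$)/) denied[line] = 1
        }
        /^[ \t]*(#|$)/ { next }
        ($7 in ok) && !($1 in denied) { print $1 }   # field 7 = login shell
    ' "$1"
}

# make_sample DIR: write constructed passwd, shells and ftpusers files.
make_sample() {
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin' \
        'db.backup:*:1001:1001:Backup:/home/db.backup:/usr/local/bin/ftp-only' \
        'asif:*:1002:1002:Asif:/home/asif:/bin/sh' > "$1/passwd"
    printf '%s\n' '# constructed sample' /bin/sh /bin/csh > "$1/shells"
    printf '%s\n' root > "$1/ftpusers"
}

d=$(mktemp -d) && make_sample "$d"
# Variant A: the dedicated shell is listed (the approach recommended above).
cp "$d/shells" "$d/shells.ftponly"
echo /usr/local/bin/ftp-only >> "$d/shells.ftponly"
# Variant B: nologin itself is listed (the approach warned against above).
cp "$d/shells" "$d/shells.nologin"
echo /sbin/nologin >> "$d/shells.nologin"

echo "FTP-eligible with ftp-only listed:"
ftp_eligible "$d/passwd" "$d/shells.ftponly" "$d/ftpusers"
echo "FTP-eligible with nologin listed:"
ftp_eligible "$d/passwd" "$d/shells.nologin" "$d/ftpusers"
rm -rf "$d"
```

Run against real copies of the three files, any service account that shows up only in the second listing is one that listing nologin would open to FTP.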
