How to create users with only remote ftp access on Linux server

ftpusers

I'm running a Ubuntu 10.04 LTS server and I want to create users who can only access the server from FTP.

What I did so far is:

Install vsftpd
Create new user with default login shell set to /bin/false

The normal users on the server are all able to access their home folder through ftp but the users to whom remote shell access is removed by setting it to /bin/false are not able to log by ftp either.

I don't understand how the shell access affects the vsftpd server? How could I enable the ftp access without re-enabling shell?

Update:
I found this reference that states that I should use /sbin/nologin (seems to be /usr/sbin/nologin in Ubuntu) and that it should not affect ftp access but it does not work in my case.

Best Answer

I don't know if it is good practice to answer my own question but I found a simple solution that enables ftp login.

I needed to add the line

/usr/sbin/nologin

to the file /etc/shells. Right after this modification the ftp server started to accept login from users to whom the shell is set /usr/sbin/nologin. So they cannot login through ssh but it works with ftp exactly as I wanted.

Thanks for your helpful comments.

Related Solutions

How to set the default ftp root folder for an Ubuntu user connecting to VSFTPD

If you specify the user_config_dir in vsftpd.conf, you can set any config option on a per-user basis.

From man vsftpd.conf:

This powerful option allows the override of any config option specified in the manual page, on a per-user basis. Usage is simple, and is best illustrated with an example. If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user "chris", then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session.

So, setting local_root in this way to the desired directory changes the FTP root for just that user.

I uninstalled vsftpd, but I can still connect with sftp

SFTP is not FTP. It's the sftp subsystem of ssh, it's handled by the sshd daemon, not vsftpd or any FTP server. It's on the ssh TCP port (22), not the FTP port 21 (well FTP commands are on 21 while data connections are on arbitrary ports, and those multiple connections in FTP are one of the many reasons why SFTP is so much better than FTP).

ss -lp sport = :22

ss -lp sport = :ssh

would show you that sshd is handling the connections there.

If you want to disable SFTP but retain ssh access (though that would make little sense unless users land with a restricted shell on that machine), you have to disable sftp in sshd_config by commenting out the Subsystem sftp... line.

Best Answer

Related Solutions

How to set the default ftp root folder for an Ubuntu user connecting to VSFTPD

I uninstalled vsftpd, but I can still connect with sftp

Related Question