ProFTPd - Cannot login at all, constant 530 error
Solution 1
I think that listing invalid shells like /sbin/nologin
as valid ones is not the proper way to go (they have been removed on purpose), and neither is allowing the FTP users to log in to the system when they should not be allowed to do so.
IMHO the best way to go is to simply configure ProFTPD not to require a valid shell for the FTP users.
Simply add the directive RequireValidShell off
to section in your proftpd.conf
and reload/restart ProFTPD.
<Global>
...
RequireValidShell off
</Global>
In case you are using PAM authentication in your ProFTPD (you probably are since it's on by default), you might also need to disable the requirement for valid shell in PAM settings.
In my case, I had to comment out the below line from my ProFTPD's PAM config file (/etc/pam.d/proftpd
)
#auth required pam_shells.so
Solution 2
Enter in shell as root
vi /etc/passwd
find your username, and on the end of line see: /bin/false
change to:
/bin/bash
and solve it!
(or any one displayed in: vi /etc/shells
)
Now ftp is working in your own user.
Related videos on Youtube
fRAiLtY-
Updated on September 18, 2022Comments
-
fRAiLtY- almost 2 years
I cannot for whatever reason connect/login either via FTP client or command line to my FTP server. I'm using Webmin and ProFTPd. I have setup a user, with a simple password as part of the ftp group with /sbin/nologin as the shell path. Logs only say "FTP connection opened" and "FTP connection closed". The passive ports I've specified are open on the firewall.
It's as if the password isn't right, but it is. Here's my proftpd.conf file:
# This is the ProFTPD configuration file # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $ DefaultRoot ~ ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root@localhost ServerType standalone #ServerType inetd DefaultServer off AccessGrantMsg "User %u logged in." #DisplayConnect /etc/ftpissue #DisplayLogin /etc/ftpmotd #DisplayGoAway /etc/ftpgoaway DeferWelcome off # Use this to excude users from the chroot DefaultRoot ~ !adm # Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c # Do not perform ident nor DNS lookups (hangs when the port is filtered) IdentLookups off UseReverseDNS off # Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 # Default to show dot files in directory listings ListOptions "-a" # See Configuration.html for these (here are the default values) #MultilineRFC2228 off #RootLogin off #LoginPasswordPrompt on #MaxLoginAttempts 3 #MaxClientsPerHost none #AllowForeignAddress off # For FXP # Allow to resume not only the downloads but the uploads too AllowRetrieveRestart on AllowStoreRestart on # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 20 # Set the user and group that the server normally runs at. User ftp Group ftp # Disable sendfile by default since it breaks displaying the download speeds in # ftptop and ftpwho UseSendfile no # This is where we want to put the pid file ScoreboardFile /var/run/proftpd.score # Normally, we want users to do a few things. <Global> AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> PassivePorts 64000 64321 RequireValidShell off </Global> # Define the log formats LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" # TLS # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html #TLSEngine on #TLSRequired on #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem #TLSCipherSuite ALL:!ADH:!DES #TLSOptions NoCertRequest #TLSVerifyClient off ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 #TLSLog /var/log/proftpd/tls.log # SQL authentication Dynamic Shared Object (DSO) loading # See README.DSO and howto/DSO.html for more details. #<IfModule mod_dso.c> # LoadModule mod_sql.c # LoadModule mod_sql_mysql.c # LoadModule mod_sql_postgres.c #</IfModule> # A basic anonymous configuration, with an upload directory. #<Anonymous ~ftp> # User ftp # Group ftp # AccessGrantMsg "Anonymous login ok, restrictions apply." # # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # # Limit the maximum number of anonymous logins # MaxClients 10 "Sorry, max %m users -- try again later" # # # Put the user into /pub right after login # #DefaultChdir /pub # # # We want 'welcome.msg' displayed at login, '.message' displayed in # # each newly chdired directory and tell users to read README* files. # DisplayLogin /welcome.msg # DisplayFirstChdir .message # DisplayReadme README* # # # Some more cosmetic and not vital stuff # DirFakeUser on ftp # DirFakeGroup on ftp # # # Limit WRITE everywhere in the anonymous chroot # <Limit WRITE SITE_CHMOD> # DenyAll # </Limit> # # # An upload directory that allows storing files but not retrieving # # or creating directories. # <Directory uploads/*> # AllowOverwrite no # <Limit READ> # DenyAll # </Limit> # # <Limit STOR> # AllowAll # </Limit> # </Directory> # # # Don't write anonymous accesses to the system wtmp file (good idea!) # WtmpLog off # # # Logging for the anonymous transfers # ExtendedLog /var/log/proftpd/access.log WRITE,READ default # ExtendedLog /var/log/proftpd/auth.log AUTH auth # #</Anonymous>
-
mdpc about 11 yearsIf you have the shell set to "nologin" why would you think that FTP would override this?
-
-
weeheavy almost 5 yearsGreat answer, covering the latest facts for RHEL/CentOS.