ProFTPd - Cannot login at all, constant 530 error


Solution 1

I think that listing invalid shells like /sbin/nologin as valid ones is not the proper way to go (they have been removed on purpose), and neither is allowing the FTP users to log in to the system when they should not be allowed to do so.

IMHO the best way to go is to simply configure ProFTPD not to require a valid shell for the FTP users.

Simply add the directive RequireValidShell off to the <Global> section in your proftpd.conf and reload/restart ProFTPD.

<Global>
...
RequireValidShell off
</Global>

In case you are using PAM authentication in your ProFTPD (you probably are, since it's on by default), you might also need to disable the requirement for a valid shell in the PAM settings. In my case, I had to comment out the line below in my ProFTPD's PAM config file (/etc/pam.d/proftpd):

#auth       required     pam_shells.so
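
The two checks described in this answer, as an added example (not part of the original answer or of ProFTPD): the function reports whether ProFTPD's RequireValidShell or PAM's pam_shells.so would refuse a user whose shell is missing from /etc/shells. The sample file contents and the names `shell_blockers`, `login_shell` and `active_lines` are constructed for illustration; directive contexts and PAM include lines are not followed, and PAM is assumed to be the authentication path.

```python
# Added example: which shell check would refuse an FTP login for `user`.
# All sample data below is constructed, not taken from a real host.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nftpuser:x:1001:50::/home/ftpuser:/sbin/nologin\n"
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n"
PROFTPD_CONF = "AuthPAMConfig proftpd\n<Global>\n  RequireValidShell off\n</Global>\n"
PAM_CONF = "#%PAM-1.0\nauth       required     pam_shells.so\nauth       include      password-auth\n"


def active_lines(text):
    """Yield the whitespace-split fields of each line, ignoring '#' comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields


def login_shell(passwd, user):
    """Return the 7th passwd field (login shell) for `user`, or None."""
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6]
    return None


def shell_blockers(user, passwd, shells, conf, pam):
    """Return the checks that would reject `user` because of the login shell."""
    shell = login_shell(passwd, user)
    if shell is None:
        return ["no such user"]
    if [shell] in list(active_lines(shells)):
        return []  # shell is listed in /etc/shells, so neither check objects
    blockers = []
    # ProFTPD's documented default is "RequireValidShell on". Simplification:
    # contexts (<Global>, <VirtualHost>) are ignored; any active "off" counts.
    off = any([t.lower() for t in f][:2] == ["requirevalidshell", "off"]
              for f in active_lines(conf))
    if not off:
        blockers.append("proftpd: RequireValidShell on")
    # Simplification: files pulled in by PAM "include" lines are not followed.
    if any(tok.endswith("pam_shells.so") for f in active_lines(pam) for tok in f):
        blockers.append("pam: pam_shells.so")
    return blockers


if __name__ == "__main__":
    print(shell_blockers("ftpuser", PASSWD, SHELLS, PROFTPD_CONF, PAM_CONF))
```

With the constructed samples, the user is still refused by PAM even though RequireValidShell is already off, which matches the situation in the question's configuration.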

Solution 2

Open a shell as root and run:

vi /etc/passwd

Find your username; at the end of its line you will see: /bin/false

Change it to:

/bin/bash

and that solves it!

(or any shell listed in: vi /etc/shells)

Now FTP works for your own user.

Author by

fRAiLtY-

Updated on September 18, 2022

Comments

  • fRAiLtY-
    fRAiLtY- almost 2 years

    I cannot for whatever reason connect/login either via FTP client or command line to my FTP server. I'm using Webmin and ProFTPd. I have set up a user, with a simple password, as part of the ftp group with /sbin/nologin as the shell path. Logs only say "FTP connection opened" and "FTP connection closed". The passive ports I've specified are open on the firewall.

    It's as if the password isn't right, but it is. Here's my proftpd.conf file:

    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    DefaultRoot ~
    ServerName          "ProFTPD server"
    ServerIdent         on "FTP Server ready."
    ServerAdmin         root@localhost
    ServerType standalone
    #ServerType         inetd
    DefaultServer           off
    AccessGrantMsg          "User %u logged in."
    #DisplayConnect         /etc/ftpissue
    #DisplayLogin           /etc/ftpmotd
    #DisplayGoAway          /etc/ftpgoaway
    DeferWelcome            off
    
    # Use this to exclude users from the chroot
    DefaultRoot         ~ !adm
    
    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig           proftpd
    AuthOrder           mod_auth_pam.c* mod_auth_unix.c
    
    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups            off
    UseReverseDNS off
    
    # Port 21 is the standard FTP port.
    Port                21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask               022
    
    # Default to show dot files in directory listings
    ListOptions         "-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228       off
    #RootLogin          off
    #LoginPasswordPrompt        on
    #MaxLoginAttempts       3
    #MaxClientsPerHost      none
    #AllowForeignAddress        off # For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart        on
    AllowStoreRestart       on
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20
    
    # Set the user and group that the server normally runs at.
    User                ftp
    Group               ftp
    
    # Disable sendfile by default since it breaks displaying the download speeds in
    # ftptop and ftpwho
    UseSendfile         no
    
    # This is where we want to put the pid file
    ScoreboardFile          /var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite        yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    PassivePorts 64000 64321
    RequireValidShell off
    </Global>
    
    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine          on
    #TLSRequired            on
    #TLSRSACertificateFile      /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile   /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite         ALL:!ADH:!DES
    #TLSOptions         NoCertRequest
    #TLSVerifyClient        off
    ##TLSRenegotiate        ctrl 3600 data 512000 required off timeout 300
    #TLSLog             /var/log/proftpd/tls.log
    
    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    #   LoadModule mod_sql.c
    #   LoadModule mod_sql_mysql.c
    #   LoadModule mod_sql_postgres.c
    #</IfModule>
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User             ftp
    #  Group                ftp
    #  AccessGrantMsg       "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias            anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients           10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir            /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files. 
    #  DisplayLogin         /welcome.msg
    #  DisplayFirstChdir        .message
    #  DisplayReadme            README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser          on ftp
    #  DirFakeGroup         on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite     no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog          off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog      /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog      /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
    • mdpc
      mdpc about 11 years
      If you have the shell set to "nologin" why would you think that FTP would override this?
  • weeheavy
    weeheavy almost 5 years
    Great answer, covering the latest facts for RHEL/CentOS.