2 Replies Latest reply: Feb 2, 2013 9:31 PM by macmartin
macmartin Level 2 (495 points)

Hello together,

I want to set up a user who can only use ftp.

I already tried to add a user with dscl:

AppleMetaNodeLocation: /Local/Default
AuthenticationAuthority: ;Kerberosv5;;scanner@LKDC:SHA1.89A0693B6B330B6432D695445AAA8E38FE88DF93;LKDC:SHA1.89A0693B6B330B6432D695445AAA8E38FE88DF93 ;ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>
GeneratedUID: 7BFB0F8A-82A0-4E07-BB99-BFD45ADC2F76
NFSHomeDirectory:
/Shared Items/90_Scans
Password: ********
PasswordPolicyOptions:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
          <key>failedLoginCount</key>
          <integer>0</integer>
          <key>failedLoginTimestamp</key>
          <date>2001-01-01T00:00:00Z</date>
          <key>lastLoginTimestamp</key>
          <date>2001-01-01T00:00:00Z</date>
          <key>passwordTimestamp</key>
          <date>2013-02-01T13:11:52Z</date>
</dict>
</plist>
PrimaryGroupID: 20
RealName: Scanner
RecordName: scanner
RecordType: dsRecTypeStandard:Users
UniqueID: 999
UserShell: /bin/false

But when I try to log in via ftp I get:

Connected to bigmac.mydomain.com
220 192.168.1.2 FTP server (tnftpd 20100324+GSSAPI) ready.
331 User scanner accepted, provide password.
Password:
530 User scanner may not use FTP.
ftp: Login failed

What am I doing wrong?

Thanks in advance

macmartin

  • 1. Re: Set up user for ftp only
    Camelot Level 8 (45,790 points)

    For the raw answer:

    cat /etc/shells

    and note the comments at the top of the file, notably:

    # List of acceptable shells for chpass(1).
    # Ftpd will not allow users to connect who are not using
    # one of these shells.

    Since you set your UserShell to /bin/false, and /bin/false is not listed as a valid shell in /etc/shells, your user cannot log in to the server.

    Typical OSes include a dummy shell, typically /bin/ftponly or /sbin/nologin which you can use for such accounts, but you'll still need to add them to /etc/shells if they're not listed there.
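
Added example, not part of the original thread: POSIX shell helpers for the check Camelot describes. They read the account's UserShell from a dscl record, test it against /etc/shells, and add a no-login shell when it is missing. The function names are hypothetical, and /sbin/nologin is taken from the answer above as the dummy shell.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Nothing here runs at load time.

# record_shell: read `dscl . -read /Users/<name>` output on stdin and print the
# UserShell value (the field the FTP daemon compares against /etc/shells).
record_shell() {
    awk -F': ' '$1 == "UserShell" { print $2; exit }'
}

# shell_is_listed SHELL [FILE]: succeed if SHELL is an entry in FILE
# (default /etc/shells). Comments and blank lines are ignored.
shell_is_listed() {
    _file=${2:-/etc/shells}
    [ -r "$_file" ] || return 2
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$_file" |
        grep -Fxq -- "$1"
}

# allow_shell SHELL [FILE]: append SHELL to FILE unless already listed.
# Only absolute paths are accepted, so a bare command name is never added.
# Note: an entry in /etc/shells is honoured by every program that consults the
# file (chpass, for instance), not only by the FTP daemon.
allow_shell() {
    case $1 in
        /*) ;;
        *) echo "refusing non-absolute path: $1" >&2; return 1 ;;
    esac
    shell_is_listed "$1" "${2:-/etc/shells}" && return 0
    printf '%s\n' "$1" >> "${2:-/etc/shells}"
}

# Typical use on the server from the thread (as root; not executed here):
#   dscl . -read /Users/scanner | record_shell      # prints /bin/false
#   shell_is_listed /bin/false || echo "ftpd will refuse this account (530)"
#   allow_shell /sbin/nologin
#   dscl . -change /Users/scanner UserShell /bin/false /sbin/nologin
```
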

  • 2. Re: Set up user for ftp only
    macmartin Level 2 (495 points)

    Thank you.

    This helped.

    Best regards

    macmartin