19 Replies Latest reply: Jan 17, 2014 5:27 PM by amrosell100
yogui1492 Level 1 (0 points)

I have a problem with Server Version 2.1.0 (127.18). I have created a user and given it access to the FTP folder, but I always get the same message: "530 User xxxxx may not use FTP.". The user has the FTP service enabled. Any idea how I can solve it?




Server, OS X Mountain Lion (10.8.2)
  • Mark23 Level 3 (975 points)

    Did you enter the right password?

    The error means "530 Login incorrect."

  • Mark23 Level 3 (975 points)

    Are there spaces in the user name?

    With "right password" I mean UPPERCASE/lowercase too.


    Try revoking the access to the user, press OK, wait for it to stop thinking and grant the access once more...

  • yogui1492 Level 1 (0 points)

    I enter the right password, because the message is different when I type it wrong.

    Error 530 means login incorrect, as it says in Wikipedia, but in this case it gives a strange message that the user may not use FTP. It's like the server does not recognize the rights I gave to the user.

  • yogui1492 Level 1 (0 points)

    The user name is only one word, so no spaces. The password is words and numbers, all in lower case. The directory where I have defined the FTP repository doesn't have spaces. Even when I use the default directory the result is the same. FTP only works with my user, which is administrative.

  • Eric. Level 6 (12,260 points)

    What kind of user for FTP did you setup? Is this a regular account local or network? If it's local, is it services only with no home directory?

  • yogui1492 Level 1 (0 points)

    Hi Eric,


    Sorry for my late answer, it is services with no home directory. But I tried with a local account and home directory and the result was the same. It only works when I use the proprietary account. I have checked the rights on the folders and they seem OK; maybe I should enable a special group defined in the server. Any idea, Mark23 and Eric?

  • yogui1492 Level 1 (0 points)

    Yes, I found the problem:


    In the advanced settings, when you define the account, set the beginning shell to /bin/sh


  • Mark23 Level 3 (975 points)

    The picture isn't available for us to see, please submit the picture again using the insert image dialogue when replying to my message.

  • Acidron Level 1 (0 points)

    I just want to confirm how to fix that.


    Apple Server app -> Accounts/Users -> Advanced Options in the context menu for the user -> Login shell


    It is /user/bin/false by default for "Services only" account, should be changed to /bin/sh

  • yogui1492 Level 1 (0 points)

    This is the picture I didn't include before. It's in Spanish, but I think you can locate the parameter I mentioned before.



    Captura de pantalla 2012-10-03 a la(s) 22.43.14.jpg

  • Eric. Level 6 (12,260 points)

    Acidron wrote:

    It is /user/bin/false by default for "Services only" account, should be changed to /bin/sh


    Yeah "/user/bin/false" is the default for Services only accounts/users, and it needs to be changed. While I didn't verify them all, any of the listed shells should work. I set mine to /bin/bash months ago and never had a problem.


    I think this only works for local "services only" users/accounts since they're the only ones that will appear in the Users & Groups System Preferences for editing.

  • LLange Level 1 (0 points)

    Acidron wrote:


    I just want to confirm how to fix that.


    Apple Server app -> Accounts/Users -> Advanced Options in the context menu for the user -> Login shell


    It is /user/bin/false by default for "Services only" account, should be changed to /bin/sh


    Thanks !

  • fseesink Level 1 (0 points)

    Actually, while this will work, it is NOT the appropriate way to deal with this from a security point of view.


    Let me explain.  The real reason why you are seeing the "User xxxxx may not use FTP" message is the following.  In *nix based systems such as Mac OS X, when you create a user, that user has a login shell associated with it as already mentioned (right-click a user and select 'Advanced Options...' to see this).  This shell is usually something like a Bourne Again SHell (BASH) (/usr/bin/bash), C SHell (/usr/bin/csh), or your more traditional Korn SHell (/usr/bin/ksh), depending on what the user prefers to use for their command line.


    However, when you set up a Mac user with the Home Folder: set to [None - Services Only], you are indicating that this user is to have access to some set of services such as FTP but NOT be a local user on the machine (as in you see that user on the login screen and can sign in with their credentials right on the Mac).  Therefore, such a user's login shell is set to /usr/bin/false.  Translation:  this user does not HAVE a login shell, therefore cannot log in.  If they attempt to TELNET/SSH/etc., as the process continues, the lack of a shell will deny them access.  This is by design.


    Unfortunately, for whatever reason, Apple neglected something.  Also in *nix-based systems, there are system files located in the /etc/ folder which determine various things.  One of those files is /etc/shells.  As you can see if you bring up a Terminal and enter the following commands:


    cd /etc

    cat shells


    here is what is in that file, and the comments explain its purpose:


    # List of acceptable shells for chpass(1).

    # Ftpd will not allow users to connect who are not using

    # one of these shells.











    So what's my point?  Look carefully at that file.  Notice anything missing?  That's right.  There's no line reading




    This means that although the Mac GUI let you create a "services only" user, they associated that user with a "shell" which is not in the approved /etc/shells list.  THIS is why you are being rejected.  Why Apple didn't include this is beyond me.


    Now Acidron's solution works because you are changing the login shell to one that IS listed in /etc/shells.  But you are ALSO giving that user an ACTUAL login shell, which might be misused to gain higher level access to the system.


    The RIGHT solution would be for Apple to include the missing line in /etc/shells.  But as they have yet to do it, you can do it yourself.  Using Terminal, simply edit this file as root and add the one line, doing something like this:


    sudo vim /etc/shells


    If you are not familiar with the VIM editor (quite possible), I'd suggest an easier one that's built-in as well.  Do this instead:


    sudo nano /etc/shells


    You should be prompted for your password (what you used to log in to the Mac and/or any time you install Mac software and it wants your password).  Enter it, and at this point you'll be in the nano/pico editor with the file contents loaded.  Simply use your cursor keys to navigate to the bottom of the file, enter the one line




    then save the file by pressing [CTRL]-[X] and then hitting [Y] to confirm the save.


    As a few added things to note, the FTP server built into Mac OS X also looks for other files in /etc.  For example, if you want a welcome message to be shown, simply create the file




    And on my systems in the past I tended to create the file




    in which I placed the usernames I allowed to FTP into my box, as it would change their root directory to their home directory (before OS X offered this "services only" option).  This prevented them from "breaking out" and seeing more of the file system than necessary.
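
The difference between the two fixes discussed in this thread (giving the account a real shell versus listing /usr/bin/false in /etc/shells), as an added example that is not part of the original posts. The function names, the sample file contents and the rule that a path ending in `false` or `nologin` is non-interactive are assumptions made for illustration; run it on a copy of the file, or with sudo against /etc/shells itself.

```shell
#!/bin/sh
# Added example: audit and fix an /etc/shells-format file.
# On OS X the account's shell can be read with:
#   dscl . -read /Users/<name> UserShell

# is_listed FILE SHELL: succeed if SHELL is an entry in FILE, ignoring
# '#' comments, blank lines and surrounding whitespace.
is_listed() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Fxq -- "$2"
}

# classify FILE SHELL: print what an account with this shell can do.
classify() {
    if ! is_listed "$1" "$2"; then
        echo "ftp-denied"      # the "530 User xxxxx may not use FTP." case
        return 0
    fi
    case "$2" in
        */false|*/nologin) echo "ftp-only" ;;       # listed, no usable shell
        *)                 echo "ftp-and-login" ;;  # listed, real login shell
    esac
}

# ensure_listed FILE SHELL: append SHELL exactly once, keeping FILE.bak.
ensure_listed() {
    is_listed "$1" "$2" && return 0
    cp -p "$1" "$1.bak" || return 1
    # If the file does not end in a newline, add one before appending.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    printf '%s\n' "$2" >> "$1"
}

demo() {
    f=$(mktemp) || return 1
    # Constructed sample contents, not the real file from the thread.
    printf '%s\n' '# List of acceptable shells for chpass(1).' \
        /bin/bash /bin/sh > "$f"
    classify "$f" /usr/bin/false        # ftp-denied
    classify "$f" /bin/sh               # ftp-and-login
    ensure_listed "$f" /usr/bin/false
    classify "$f" /usr/bin/false        # ftp-only
    rm -f "$f" "$f.bak"
}
demo
```

An account that classifies as `ftp-and-login` is the outcome of switching the shell to /bin/sh; `ftp-only` is the outcome of leaving the shell at /usr/bin/false and listing it in the file.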

  • atl_nate83 Level 1 (0 points)

    Worked like a charm.  Thanks
