2 Replies Latest reply: Feb 2, 2013 9:31 PM by macmartin
macmartin Level 2 (495 points)

Hello together,


I want to set up a user who can only use ftp.


I already tried to add a user with dscl:


AppleMetaNodeLocation: /Local/Default

AuthenticationAuthority: ;Kerberosv5;;scanner@LKDC:SHA1.89A0693B6B330B6432D695445AAA8E38FE88DF93;LKDC:SHA1.89A0693B6B330B6432D695445AAA8E38FE88DF93;ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>

GeneratedUID: 7BFB0F8A-82A0-4E07-BB99-BFD45ADC2F76


/Shared Items/90_Scans

Password: ********


<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">












PrimaryGroupID: 20

RealName: Scanner

RecordName: scanner

RecordType: dsRecTypeStandard:Users

UniqueID: 999

UserShell: /bin/false


But when I try to login via ftp I get:


Connected to bigmac.mydomain.com

220 FTP server (tnftpd 20100324+GSSAPI) ready.

331 User scanner accepted, provide password.


530 User scanner may not use FTP.

ftp: Login failed


What am I doing wrong?


Thanks in advance


  • Camelot Level 8 (46,580 points)

    For the raw answer:


    cat /etc/shells


    and note the comments at the top of the file, notably:


    # List of acceptable shells for chpass(1).

    # Ftpd will not allow users to connect who are not using

    # one of these shells.


    Since you set your UserShell to /bin/false, and /bin/false is not listed as a valid shell in /etc/shells, your user cannot log in to the server.


    Typical OSes include a dummy shell, typically /bin/ftponly or /sbin/nologin which you can use for such accounts, but you'll still need to add them to /etc/shells if they're not listed there.

  • macmartin Level 2 (495 points)

    Thank you.

    This helped.


    Best regards
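
Added example, not part of the original thread: a shell sketch of the check Camelot's answer describes, reporting which accounts have a shell that is not listed in a shells file and would therefore get "530 User ... may not use FTP". The function names, the sample shells file and the account list are constructed for illustration.

```shell
#!/bin/sh
# Added example; the shells file and account list below are constructed.

# shell_is_listed SHELL FILE: exit 0 if SHELL is an entry in FILE,
# 1 if it is not, 2 if FILE is unreadable. Comments and blanks are skipped.
shell_is_listed() {
    [ -r "$2" ] || return 2
    awk -v want="$1" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        NF && $0 == want { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$2"
}

# ftp_rejected FILE: read "name shell" pairs on stdin and print every
# name whose shell is not an entry in FILE.
# On OS X the shell of one account is shown by:
#   dscl . -read /Users/NAME UserShell
ftp_rejected() {
    while read -r name shell; do
        [ -n "$name" ] || continue
        shell_is_listed "$shell" "$1" || printf '%s\n' "$name"
    done
}

# Constructed stand-in for /etc/shells, so the real file is not touched.
demo_shells=$(mktemp)
trap 'rm -f "$demo_shells"' EXIT
cat > "$demo_shells" <<'EOF'
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/sh
EOF

echo "refused before the change:"
printf 'admin /bin/bash\nscanner /bin/false\n' | ftp_rejected "$demo_shells"

# The fix from the answer: give the account a dummy shell and list it.
echo /sbin/nologin >> "$demo_shells"
echo "refused after the change:"
printf 'admin /bin/bash\nscanner /sbin/nologin\n' | ftp_rejected "$demo_shells"
```

Run against the real file with `ftp_rejected /etc/shells`. Any path added to /etc/shells is also accepted by chpass(1) as a shell users may select, as the file's own comment says.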