Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
From what client (OS/version) are you doing the login to that server? What command are you using to do the login from your client?
What shell is in /etc/passwd on the server for the login user (myuser)? Is that shell in /etc/shells on the server?
P.S. You really ought to use sftp rather than ftps if at all possible. ftps is a bear to work with and is not as secure as sftp. sftp is native to Linux so if your source and your target are both Linux you really don't want to use ftps. Even if your client is MS-Windows you can install free tools like WinSCP on the client to talk to sftp on the Linux server.
Last edited by MensaWater; 06-17-2019 at 09:59 AM.
FTP client is : FileZilla on Fedora release 26 (Twenty Six)
I never used vsftpd myself, but I don't think it will let you login with /sbin/nologin as the shell (it will get a non-0 status from it). See also:
Quote:
check_shell
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins.
Default: YES
(from the man page of vsftpd.conf);
so even when it does allow it, the shell (/sbin/nologin) MUST be in the /etc/shells file on the server (and I do not know the rules for when PAM is active ON that server).
PS: you misspelled "myuser" in the /etc/passwd quote, but I take it that's just a typing error in the post, not in the file itself.
cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
Code:
mysuer:x:1004:1004::/var/ftp/prnew:/sbin/nologin
FTP client is : FileZilla on Fedora release 26 (Twenty Six)
There is no vsftp(d) log in /var/log.
User was made with adduser command. Before there was a much stronger pwd but now for 'easy' debugging I changed with "passwd myuser" to '123'.
I also use PHP ftp_ssl_connect() to use the FTP-account. Neither works any more.
Out of the box, CentOS 7 won't allow that short a password. The default minimum is 9 characters, if I remember correctly.
Also, as I recall, there is no warning if you try to set the shorter password...it just doesn't get changed. I never did figure out where that minimum length is set, I just figured out it was nine (9), and started using that minimum. I believe an error got logged in /var/log/messages or /var/log/secure when trying to set too short a password.
If you know the longer password (pwd is something else entirely), try that.
If you don't know it, try setting a password that's at least nine characters long, then try that.
EDIT Found where the minimum is set.
CentOS 7 uses PAM authentication. The configuration file is /etc/security/pwquality.conf
Therein:
Code:
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 9
(emphasis added)
So, again, it's not a vsftpd issue, it's that you can't have a password of 123. Try the old one, or set a new one > 9 characters.
(But, I'll add my "vote" to not use ftp at all. You should use sftp)
I never used vsftpd myself, but I don't think it will let you login with /sbin/nologin as the shell (it will get a non-0 status from it).
ncftpd (a for-pay ftp server) will allow ftp login to users with /sbin/nologin for their shell, because, of course, an ftp login doesn't use a shell at all. So users with /sbin/nologin can use ftp but cannot connect to the server with ssh (or, ack!, telnet)...and I just learned that a user can even sftp with /sbin/nologin in /etc/passwd -- probably, again, because sftp also doesn't use a shell.
You need to add "/sbin/nologin" to /etc/shells file since that is the "shell" portion of the user's password entry.
Well, this indeed seems to be the solution.
Now what I don't understand is why my user 'myuser' was able to login before. There was no "/sbin/nologin" in the /etc/shells file before either.
If I look at the time that the login failure started to occur (at 10AM it still worked, at 2PM it didn't work anymore), I see the only action on the server that was made in that time-frame is an upgrade in the Let's Encrypt ssl-certificate.
It beats me how that can affect FTP-login stuff...
Beats me too. /etc/shells has been a requirement for ftp (and ftps) and even for sftp if using non-standard shells for years. I have a note of configuring it for ftp back in 2006 on HP-UX then again for an sftp scponly setup in RHEL5 in 2010 and most recently for vsftp on RHEL6 in 2011 for ftps again. I have memories going back even further...
Anyway, glad I could help.
If you don't mind, please go to thread tools and mark this as Solved. It helps others in future to find questions with solutions on web searches.
Last edited by MensaWater; 06-17-2019 at 02:36 PM.
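The check this thread converges on, as an added example that is not part of any post: the functions below read an account's shell field from a passwd-format file and report whether that shell appears as a line in a shells-format file. The function names and return codes are assumptions of this example; the paths default to /etc/passwd and /etc/shells.

```shell
#!/bin/sh
# Added example (not from the thread): report whether an account's login
# shell, taken from a passwd-format file, is listed in a shells-format file.

# Print the shell field (7th colon-separated field) for user $1 in file $2.
# Exits non-zero when the user has no entry.
passwd_shell() {
    awk -F: -v u="$1" '
        $1 == u { print $7; found = 1; exit }
        END     { if (!found) exit 1 }
    ' "$2"
}

# Return 0 if shell $1 appears as a whole line in shells file $2.
# Comment lines in that file start with "#", so they never match a path.
shell_listed() {
    grep -Fxq -- "$1" "$2"
}

# check_ftp_shell USER [PASSWD_FILE] [SHELLS_FILE]
# Prints one status line; returns 0 = listed, 1 = not listed, 2 = no such user.
check_ftp_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    if ! sh_path=$(passwd_shell "$user" "$passwd_file"); then
        echo "$user: no entry in $passwd_file"
        return 2
    fi
    # An empty shell field means /bin/sh (see passwd(5)).
    [ -n "$sh_path" ] || sh_path=/bin/sh
    if shell_listed "$sh_path" "$shells_file"; then
        echo "$user: $sh_path is listed in $shells_file"
        return 0
    fi
    echo "$user: $sh_path is NOT listed in $shells_file"
    return 1
}

# When run as a script with arguments, check the named account.
if [ $# -gt 0 ]; then
    check_ftp_shell "$@"
fi
```

Run it on the server as `sh check_ftp_shell.sh myuser` (the script file name is hypothetical); a return code of 1 corresponds to the situation described in this thread.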