By Noxxxx from https://www.noxxxx.com/?post_type=post&p=1558
Sharing and aggregation are welcome; please respect copyright. Contact the author for authorization.
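I recently needed to open up an FTP service so that others could download logs, so I installed vsftpd. During login, however, it reported 530 Login incorrect. I looked through some material and am recording the fix here.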
Login permission here is controlled through local system users, so most tutorials will have you add a local user:
useradd -d /home/ftp/testUser testUser
The resulting entry, as shown by cat /etc/passwd:
testUser:x:1000:1000::/home/ftp/testUser:
If you instead add a user with adduser testUser, the entry is:
testUser:x:1000:1000:,,,:/home/testUser:/bin/bash
This entry has /bin/bash at the end (the shell field), and this setting determines whether the vsftpd user can log in over FTP.
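Edit the file directly with vim /etc/passwd and add one of the following to the end of the user's entry:
/usr/sbin/nologin
# or
/bin/false
That is all it takes. Both values mean the user is not given permission to log in to the system over ssh. As for the difference between the two: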
https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#:~:text=%2Fbin%2Ffalse%20is%20just%20a,logged%20out%20when%20false%20exits.
When /sbin/nologin is set as the shell, if user with that shell logs in, they’ll get a polite message saying ‘This account is currently not available.’ This message can be changed with the file /etc/nologin.txt.
/bin/false is just a binary that immediately exits, returning false, when it’s called, so when someone who has false as shell logs in, they’re immediately logged out when false exits. Setting the shell to /bin/true has the same effect of not allowing someone to log in but false is probably used as a convention over true since it’s much better at conveying the concept that person doesn’t have a shell.
Looking at nologin’s man page, it says it was created in 4.4 BSD (early 1990s) so it came long after false was created. The use of false as a shell is probably just a convention carried over from the early days of UNIX.
nologin is the more user-friendly option, with a customizable message given to the user trying to log in, so you would theoretically want to use that; but both nologin and false will have the same end result of someone not having a shell and not being able to ssh in.
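To audit the shell field this post turns on, the following added example (not code from the original post) classifies passwd-format entries as empty, interactive or no-login, and also reports whether the shell appears in an /etc/shells-style list, which matters only where the FTP PAM stack uses pam_shells (an assumption about the local setup). The function names, the extra users and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the shell field (7th field) of passwd-format entries.
# All file contents below are constructed samples, not real accounts.

# shell_of PASSWD_FILE USER: print the raw shell field (may be empty);
# exit status 1 if the user has no entry.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# classify PASSWD_FILE SHELLS_FILE USER: print "<class> <listed|unlisted>"
#   empty        no shell set (passwd(5): defaults to /bin/sh)
#   no-login     nologin or false, no interactive shell
#   interactive  any other shell, e.g. /bin/bash
classify() {
    sh_field=$(shell_of "$1" "$3") || { echo "unknown-user"; return 1; }
    case "$sh_field" in
        "")                class=empty ;;
        */nologin|*/false) class=no-login ;;
        *)                 class=interactive ;;
    esac
    # Exact line match against the shells list, the comparison pam_shells
    # makes; an empty field is simply reported as unlisted here.
    if [ -n "$sh_field" ] && grep -qxF -- "$sh_field" "$2"; then
        echo "$class listed"
    else
        echo "$class unlisted"
    fi
}

# make_samples DIR: write constructed passwd and shells files into DIR
make_samples() {
    cat > "$1/passwd" <<'EOF'
testUser:x:1000:1000::/home/ftp/testUser:
testUser2:x:1001:1001:,,,:/home/testUser2:/bin/bash
ftpOnly:x:1002:1002::/home/ftp/ftpOnly:/usr/sbin/nologin
ftpFalse:x:1003:1003::/home/ftp/ftpFalse:/bin/false
EOF
    printf '%s\n' /bin/sh /bin/bash /usr/sbin/nologin > "$1/shells"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for u in testUser testUser2 ftpOnly ftpFalse; do
    printf '%-10s %s\n' "$u" "$(classify "$demo_dir/passwd" "$demo_dir/shells" "$u")"
done
rm -rf "$demo_dir"
```

To run it against a live system, pass /etc/passwd and /etc/shells as the first two arguments of classify.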