Monday, November 22, 2010

vsftpd check_shell

So, I wanted to give a restricted SSH access to www-data to be able to write in /var/www. So I did. Unfortunately, the ones who were supposed to use that account, they use WinSCP, and rssh is not that compatible. rssh works well with scp command line utility from Linux, but they're Windows lovers. So I had to give them a ftp account to that same folder, and with the same account - www-data. So I installed vsftpd, with apt-get install vsftpd. I enabled local users, write permission and all that. And then tried to login using www-data and the password I've set up. Nothing. Login incorrect. I retype password, reset the password. Nothing! After googling around, I found out that it needs a valid shell, and you can disable it by entering check_shell=NO. But "Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins."

So, considering most of installation are PAM based, this option is useless. So, in my case, I had to add rssh shell to /etc/shells. Reboot the server (source might work, too) and now I can login through ftp using www-data account, and I can also use rssh with the same account.

No comments:

Post a Comment