Quick tip for vsftpd and CentOS

I rarely manage FTP servers.  The mere thought of them gives me shivers up and down my spine.  But occasionally, I have to deploy one for one reason or another.  

Here’s a quick tip for you. 

If you’re using vsftpd like me, you might find that you want to create accounts with access to FTP, but not to the shell (no ssh access, for example).  So you might naively want to define the user’s shell as /bin/false in /etc/passwd.

Unfortunately, that will block the user’s access to vsftpd as well as ssh.  Instead, under RHEL and CentOS, you should use /sbin/nologin, which will block ssh access but continue to allow FTP access.

Even better, as I saw in one forum, you might make a symlink to /sbin/nologin and call it /sbin/ftp_only.  You’ll have to add /sbin/ftp_only to /etc/shells so it will be recognized as a valid shell.  But the advantage here is that you’ll be able to distinguish your FTP-only accounts from accounts that have been disabled for one reason or another.
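To check the result, here is an added example (not from the original post or the forum it mentions) that audits a passwd file against a shells file and labels each account. It assumes vsftpd's PAM stack uses pam_shells, so a shell missing from /etc/shells blocks FTP; `classify_accounts` and `demo` are hypothetical names and the sample accounts are constructed.

```shell
# One-time setup from the post (as root; <user> is a placeholder):
#   ln -s /sbin/nologin /sbin/ftp_only
#   echo /sbin/ftp_only >> /etc/shells
#   usermod -s /sbin/ftp_only <user>

# classify_accounts PASSWD_FILE SHELLS_FILE  ->  prints "user:class"
#   ftp-only     shell is /sbin/ftp_only and is listed in SHELLS_FILE
#   nologin      shell is /sbin/nologin (disabled, or an untagged FTP account)
#   ftp-blocked  shell is not listed in SHELLS_FILE (e.g. /bin/false)
#   interactive  any other listed shell
classify_accounts() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the valid shells, skipping comments and blank lines
            while ((getline line < shells) > 0) {
                sub(/[ \t]+$/, "", line)
                if (line != "" && line !~ /^#/) valid[line] = 1
            }
        }
        /^#/ || NF < 7 { next }
        {
            sh = $7
            if (sh == "") sh = "/bin/sh"   # empty shell field means /bin/sh
            if (!(sh in valid))              class = "ftp-blocked"
            else if (sh == "/sbin/ftp_only") class = "ftp-only"
            else if (sh == "/sbin/nologin")  class = "nologin"
            else                             class = "interactive"
            print $1 ":" class
        }
    ' "$1"
}

# demo: run the audit on constructed sample files instead of the live system
demo() {
    d=$(mktemp -d)
    printf '%s\n' /bin/sh /bin/bash /sbin/nologin /sbin/ftp_only > "$d/shells"
    printf '%s\n' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'ftpbob:x:1001:1001::/srv/ftp/bob:/sbin/ftp_only' \
        'olduser:x:1002:1002::/home/olduser:/sbin/nologin' \
        'carol:x:1003:1003::/srv/ftp/carol:/bin/false' > "$d/passwd"
    classify_accounts "$d/passwd" "$d/shells"
    rm -rf "$d"
}
```

On a real server, run `classify_accounts /etc/passwd /etc/shells` and look for `ftp-blocked` entries on accounts that are supposed to have FTP access.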
