similar to: vsftpd rejects users set to nologin

On Thu, 10 Jan 2019 at 16:09, Kenneth Porter <shiva at sewingwitch.com> wrote: > I updated to CentOS 7.6 and something must have changed in the base OS > setup that prevents vsftpd from allowing logins for accounts with > /sbin/nologin as their shell. I had to add that to /etc/shells so that > such > accounts could FTP again. That file is in the setup package. Did it >

--On Thursday, January 10, 2019 4:17 PM -0500 Stephen John Smoogen <smooge at gmail.com> wrote: > So I think this is a side effect of a long term argument of the security > nature of /sbin/nologin > > https://serverfault.com/questions/328395/nologin-in-etc-shells-is-dangero > us-why > https://lists.fedoraproject.org/archives/list/devel at lists.fedoraproject.o >

More digging (now that I have a better handle on how to ask the question) reveals this bug against documentation and release notes for 7.6 to alert updaters about this breaking change for vsftpd: https://bugzilla.redhat.com/show_bug.cgi?id=1647485 The last comment there, #15 by "Roy": > For a workaround to vsftpd login failures that doesn't expose your system > to the

My vsftpd was working. I use it configured via xinetd and turn it off (disabled = yes) when I'm not using it to keep the bad guys from hammering on it. Recently I upgraded to 4.2 (via yum update). That' the only change I know of on the system. And I didn't have any problems with it. Today when I try to ftp, i enabled it in xinetd.d (with disable = no and a "service

Followup: I gave up on the Implicit and configured vsftpd for Explicit, that revealed some configuration errors (displayed on the client, Filezilla in my case). I then corrected these errors and switched back to Implicit and all is well. Frank M. Ramaekers Jr. -----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Kenneth Porter Sent: Thursday, May 31, 2018

On Mon, Jan 7, 2019 at 5:49 PM Kenneth Porter <shiva at sewingwitch.com> wrote: > On 1/6/2019 10:51 PM, Kaushal Shriyan wrote: > > the product does not support the latest CentOS Linux > > release 7.6.1810 (Core) version as of now. > > What product and what, specifically, about 7.6 does it not support? > Could you not just exclude the incompatible packages? You could

In article <68ce2ebfe8545ef4eda869657c72b9be.squirrel at webmail.bi.invoca.ch>, Simon Matter via CentOS <centos at centos.org> wrote: > > On Mon, Jan 7, 2019 at 5:49 PM Kenneth Porter <shiva at sewingwitch.com> > > wrote: > > > >> On 1/6/2019 10:51 PM, Kaushal Shriyan wrote: > >> > the product does not support the latest CentOS Linux >

I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990). (The latest instructions I've used are at: https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/) Using Filezilla client, I get: Error: GnuTLS error -15: An unexpected TLS packet was received. Error: Could not connect to

I need to set up some (err, a lot) of user accounts for (pop) mail and ftp access purposes. But disallow shell login access. What I can do to achieve this - and it works well - is to create a small script, thus: #!/usr/bin/tail +6 # # /etc/NOSHELL # # Login shell to prevent shell access for user accounts # ######################################################################### #

Hi folks, I can't seem to log into my system via vsftpd. All other services using PAM are fine...Am I missing something simple? ftp> user (username) user 331 Please specify the password. Password: 530 Login incorrect. # getenforce Permissive here is the event in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0

Hi, I've tried to use the "nologin" extra password-db field as specified here: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/NoLogin Due to lack of exact documentation, I've tried to use `nologin`='y' for users that can't login, and setting `nologin`='n' for normal users. Apparently setting it to NULL for normal users would have been correct, as

I am running Dovecot with system users (userdb passwd), but some of those users don't have shell accounts on the IMAP server so their shell on that machine is set to /usr/sbin/nologin. Currently I am using maildirs and this is not a problem, but I am in the process of switching to dbox which means I will need a cronjob running 'doveadm purge -A'. During testing I found that those

Attached is a patch to be applied with GNU patch -p0, notice that configure needs to be regenerated. The patch addresses the following annoyances: * On AIX there is a signal called SIGDANGER which is sent to all processes when the machine runs low on virtual memory. This patch makes sure that this signal is ignored, because the default on older AIX releases is to kill the running process

Dear all, Please find my logwatch results for vsftpd service. i am running updated vsftpd on centos-4.1 and still i am getting some probes. Could someone put some light on this issue. I am little worried about these probes. Processing Initiated: Wed Jan 31 05:21:37 2007 --------------------- vsftpd-messages Begin ------------------------ Failed FTP Logins: (218.208.60.33):

greetings today i was expanding my knowledge of vsftpd on a low traffic CentOS 4 production environment server i have fyi, i was working on learning to setup a chroot environment by the simple editing of /etc/vsftpd/vsftpd.conf so, as i normally do when i start making changes i did this cd /etc/vsftpd/ cp -a vsftpd.conf bak-vsftpd.conf then i made the edits in /etc/vsftpd/vsftpd.conf that i

Hi developers, today I tried to disable logins to an ssh server by putting a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but

Hi ALL I'm using vsftpd as FTP server, and I'd like to chroot my FTP users to their home dir. How can I do it? i.e. "jailing" them in their home dir... at the moment I have the following issues the user when they login to ftp server they go to the main directory /var/ftp/ /etc/passwd ... sdc:x:501:501::/var/ftp/sdc:/bin/bash ase:x:502:501::/var/ftp/ase:/bin/bash

I have a Bash script, currently run a couple times an hour from cron, that pulls data from an old Windows DB by rsync, converts it to SQL, and injects it into a MySQL DB for display in a LAMP-based app. (Make and Perl are also involved to minimize the number of tables touched and to clean up the SQL generated by Pxlib.) I'd like to add the ability to refresh the data immediately from the

On 4 Oct 2017 3:13 pm, "Kenneth Porter" <shiva at sewingwitch.com> wrote: On 10/3/2017 8:14 PM, Phil Manuel wrote: > systemd-networkd doesn't use those files at all. > > If you look at the appropriate ifcfg files eg > /etc/sysconfig/network-scripts/ifcfg-em1 do you see IPV6_FAILURE_FATAL=no > ? > Where does systemd-networkd store its settings, then?

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I