• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1669
  • Last Modified:

FTP access denied : Linux

I am trying to FTP into a Linux SERVER but get " 530 Permission Denied". I logged into the server and checked if vsftpd was running and it is running.

Also I have the user existing in /etc/passwd and have home directory but when I type in "su - user" it says
"This account is currently not available"

Copy of vsftpd attached
# Example config file /etc/vsftpd/vsftpd.conf
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Uncomment this to allow local users to log in.
# Uncomment this to enable any form of FTP write command.
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Activate logging of uploads/downloads.
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
# You may override where the log file goes if you like. The default is shown
# below.
# If you want, you can have your log file in standard ftpd xferlog format
# You may change the default value for timing out an idle session.
# You may change the default value for timing out a data connection.
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# You may fully customise the login banner string:
ftpd_banner=Access to this Computer System is Strictly Regulated and Subject to Criminal Prosecution
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
# (default follows)
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (default follows)
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!


Open in new window

  • 3
  • 3
  • 2
  • +1
1 Solution
> su - user" it says "This account is currently not available"
Please post the following result
# grep <user> /etc/passwd
# grep <user> /etc/shadow
mnis2008Author Commented:
here is the output

# grep lmcma /etc/passwd
# grep lmcma /etc/group
> lmcma:x:57590:57590::/home/lmcma:/sbin/nologin
the default shell for that account is /sbin/nologin.

Change to /bin/bash
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

mnis2008Author Commented:
We wantedly specified as nologin as they just need to connect the servers for only FTP. I have changed the nologin to bash and tested and its working. but now is the "503" issue
mnis2008Author Commented:
Here is what I see in the log

Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "USER lmcma"
Sat Apr 30 00:23:02 2011 [pid 9414] [lmcma] FTP response: Client "", "530 Permission denied."
Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "PASS <password>"
Sat Apr 30 00:23:02 2011 [pid 9414] FTP response: Client "", "503 Login with USER first."
Kerem ERSOYPresidentCommented:

will you check the contents of /etc/vsftpd.chroot_list . It should contain only the root since you've allowed chroot if the user is listed in this file it will not be permitted to login.

Also please post the output of getenable command to see it SELinux is active.

Hmm, can you check permissions on folder?

 did do it accessable for vsftpd, and add lmcma to vsftpd group

Kerem ERSOYPresidentCommented:
According to the logs you've sent:

> Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "USER lmcma"
You send your username.

> Sat Apr 30 00:23:02 2011 [pid 9414] [lmcma] FTP response: Client "", "530 Permission denied."

Normally you should get specify password message even if this is a non existing user . Bu you get deny message.. This would only happen when this user is banned for login. i.e., the user name is listed in chroot_list  file. This is why I'm requesting you to post the contents of the file.
Kerem ERSOYPresidentCommented:
Also you have


directive. When this directive is active any user name appearing in user_list will be denied access... Please check the contents of both files and make sure that your username (lmcma) is not listed in both.



Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now