FTP access denied : Linux

Posted on 2011-04-29
Last Modified: 2012-05-11
I am trying to FTP into a Linux SERVER but get " 530 Permission Denied". I logged into the server and checked if vsftpd was running and it is running.

Also I have the user existing in /etc/passwd and have home directory but when I type in "su - user" it says
"This account is currently not available"

Copy of vsftpd attached
# Example config file /etc/vsftpd/vsftpd.conf
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Uncomment this to allow local users to log in.
# Uncomment this to enable any form of FTP write command.
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Activate logging of uploads/downloads.
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
# You may override where the log file goes if you like. The default is shown
# below.
# If you want, you can have your log file in standard ftpd xferlog format
# You may change the default value for timing out an idle session.
# You may change the default value for timing out a data connection.
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# You may fully customise the login banner string:
ftpd_banner=Access to this Computer System is Strictly Regulated and Subject to Criminal Prosecution
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
# (default follows)
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (default follows)
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!


Open in new window

Question by:mnis2008
    LVL 38

    Expert Comment

    > su - user" it says "This account is currently not available"
    Please post the following result
    # grep <user> /etc/passwd
    # grep <user> /etc/shadow

    Author Comment

    here is the output

    # grep lmcma /etc/passwd
    # grep lmcma /etc/group
    LVL 38

    Expert Comment

    > lmcma:x:57590:57590::/home/lmcma:/sbin/nologin
    the default shell for that account is /sbin/nologin.

    Change to /bin/bash

    Author Comment

    We wantedly specified as nologin as they just need to connect the servers for only FTP. I have changed the nologin to bash and tested and its working. but now is the "503" issue

    Author Comment

    Here is what I see in the log

    Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "USER lmcma"
    Sat Apr 30 00:23:02 2011 [pid 9414] [lmcma] FTP response: Client "", "530 Permission denied."
    Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "PASS <password>"
    Sat Apr 30 00:23:02 2011 [pid 9414] FTP response: Client "", "503 Login with USER first."
    LVL 30

    Expert Comment

    by:Kerem ERSOY

    will you check the contents of /etc/vsftpd.chroot_list . It should contain only the root since you've allowed chroot if the user is listed in this file it will not be permitted to login.

    Also please post the output of getenable command to see it SELinux is active.

    LVL 4

    Expert Comment

    Hmm, can you check permissions on folder?

     did do it accessable for vsftpd, and add lmcma to vsftpd group

    LVL 30

    Expert Comment

    by:Kerem ERSOY
    According to the logs you've sent:

    > Sat Apr 30 00:23:02 2011 [pid 9414] FTP command: Client "", "USER lmcma"
    You send your username.

    > Sat Apr 30 00:23:02 2011 [pid 9414] [lmcma] FTP response: Client "", "530 Permission denied."

    Normally you should get specify password message even if this is a non existing user . Bu you get deny message.. This would only happen when this user is banned for login. i.e., the user name is listed in chroot_list  file. This is why I'm requesting you to post the contents of the file.
    LVL 30

    Accepted Solution

    Also you have


    directive. When this directive is active any user name appearing in user_list will be denied access... Please check the contents of both files and make sure that your username (lmcma) is not listed in both.



    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
    It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now