Hi Jörg.. this bug are very rare.. in my system i have invalid shells
for the users.. so i disabel the shell in pam..
after a weekend i found in vsftp documentation that the shells are
verified by the vsftpd, the option corresponding are check_shell and i
cited the manpage:
check_shell
Note! This option only has an effect for non-PAM
builds of vsftpd. If disabled,
vsftpd will not check /etc/shells for a valid user shell
for local logins.
Default: YES
2015-11-13 16:03 GMT-04:30 Jörg Frings-Fürst <deb...@jff-webhosting.net>:
> I have test vsftpd on a fresh installed Debian testing and I can't
> reproduce this bug.
For this u must mark with invalid shell all users or the user, and
make local users login enabled
>
> Is this ok: After comment out the line "auth required pam
> _shells.so" the user can login?
YES! but now with the option in config file "check_shell" to "NO"
works, this its the right thing, my users does not have login shell
and login are disabled!
>
> To reproduce this bug I want to build a system like yours.
>
> Please can you send direct to my mail address:
>
> Your vsftpd.conf,
> all files from /etc/pam.d,
> the output of dpkg --get-selections.
Not necesary, solved with added to config file the check_shell=NO
To reproduce the only u must done are setup all users have /bin/false
or /bin/none as shell (invalid shell or no login capable) .. the pam
module also the vsftp itselft try to verify valid shell (see
documentation), but this must be documented if users have special
restrictions, and maybe must be foward upstream to the FAQ of the
vsftp.. due its a common problem that happened due lack of
documentation!
For reproduce to u, u must setup users with no login capabilites
(disable login, or invalid sehlls)
