How to authenticate a user without shell access to the vsftp FTP server without adding nologin to /etc/shells on RHEL 7.6

Solution Verified - Updated -

Issue

  • With a user configured with nologin:

    # grep user1 /etc/passwd
    user1:x:1000:1000::/home/user1:/sbin/nologin
    
  • The user is not authorised to authenticate through ftp:

    $ ftp 192.168.122.155 
    Connected to 192.168.122.155 (192.168.122.155).
    220 FTP server - Authorized Use Only!
    Name (192.168.122.155:user): user1
    331 Please specify the password.
    Password:
    530 Login incorrect.
    Login failed.
    ftp> 
    
  • One workaround is to re-add nologin to the list of shells, but this goes against the fix for CVE-2018-1113 described in the Root cause section, so do not do it unless you are willing to accept that risk:

    # grep login /etc/shells
    /bin/nologin
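
Added example, not part of the original solution: a read-only audit that lists accounts whose login shell is not an exact entry in the shells list (the condition the Issue above implies is behind the 530 reply) and reports any nologin entry already present in that list. The function names, the UID >= 1000 cutoff for regular accounts and the sample files are assumptions constructed for illustration; on a real host pass /etc/passwd and /etc/shells instead.

```shell
#!/bin/sh
# Added example: all functions only read the files they are given.

# shell_listed SHELL SHELLS_FILE: succeeds if SHELL is an exact line in the list.
shell_listed() {
    grep -Fxq -- "$1" "$2"
}

# nologin_entries SHELLS_FILE: print uncommented nologin entries (the risky state).
nologin_entries() {
    grep -E '^[^#]*/nologin$' "$1" || true
}

# unlisted_users PASSWD_FILE SHELLS_FILE: print "user shell" for regular
# accounts (assumed UID >= 1000) whose shell is missing from the list.
unlisted_users() {
    awk -F: '$3 >= 1000 { print $1, $7 }' "$1" |
    while read -r user shell; do
        [ -n "$shell" ] || shell=/bin/sh   # empty shell field means /bin/sh
        shell_listed "$shell" "$2" || printf '%s %s\n' "$user" "$shell"
    done
}

# make_sample DIR: write constructed passwd and shells files for the demo.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000::/home/user1:/sbin/nologin
user2:x:1001:1001::/home/user2:/bin/bash
EOF
    cat > "$1/shells" <<'EOF'
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
EOF
}

demo() {
    d=$(mktemp -d) && make_sample "$d"
    echo "Accounts whose shell is not in the shells list:"
    unlisted_users "$d/passwd" "$d/shells"
    echo "nologin entries in the shells list (should be none):"
    nologin_entries "$d/shells"
    rm -rf "$d"
}
demo
```

The comparison is an exact string match, so an entry such as /bin/nologin does not cover an account whose shell is /sbin/nologin.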
    

Environment

  • Red Hat Enterprise Linux 7.6
  • ftp
  • vsftp
