vsftpd /bin/false check_shell=NO pam hack

With default configuration of vsftp (vsftpd.conf under /etc) users with no shell or /bin/false shell are not able to login vsftpd ftp server. This is because vsftpd.conf includes such a line to enable pam module.


This line points to which pam service name will be applied. Pam configuration related to vsftpd is then /etc/pam.d/vsftpd.
This pam file contains a file such as:

auth   required        pam_shells.so

This means basically only the users who have valid shells will be authenticated. Setting the shell to /bin/false of a user simply means that this user will not be able to login the system via vsftpd. (ftp service).

To enable users with no valid shell to login the ftp server, commenting out this line in /etc/pam.d/vsftpd file will be sufficient.

coded by nessus