Debian – Allow FTP Access to Local User Without SSH/Command Line Access

In former times (as in before Debian Wheezy), you could install FTP as ftpd. It was a neat little tool that came with no extra software and allowed this scenario:

Take a local user, allow him chrooted FTP access to a directory (specified as his home directory) without allowing him SSH/command line access. This was accomplished by adding the user to the /etc/ftpchroot file, then taking away his command line interpreter in /etc/passwd (change from /bin/bash to /bin/false).

However, now Debian comes with a new FTP daemon that installs a needlessly complicated superserver which no other service uses (openbsd-inetd). The configuration has changed somehow, and I'm looking for a way to get the old behaviour back.

I've so far set up VSFTPD, but cannot get the FTP access to work when the interactive shell for the local user is /bin/false, as the daemon refuses to let the user log in. It works fine while /bin/bash is the shell interpreter, but that has the problem that the user could theoretically connect to the system using SSH, something that I surely do not wish.

Is there any way to get either the old configuration (local user, FTP yes, SSH no, CHROOT) back with any other software?

Best Answer

Check the file /etc/pam.d/vsftpd; the PAM service for vsftpd uses pam_shells.so.

pam_shells.so

pam_shells is a PAM module that only allows access to the system if the user's shell is listed in /etc/shells.

It also checks if /etc/shells is a plain file and not world writable.

You only need to add /bin/false to the /etc/shells file.
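
A pre-flight check for the fix in this answer, as an added example that is not part of the original answer: it mirrors the two checks quoted above (login shell listed in the shells file; that file is plain and not world-writable) and also tests whether a PAM service file loads pam_shells.so. The function names, return codes and the sample user `ftpuser` are made up for illustration, and file paths are parameters so it runs on constructed files.

```shell
#!/bin/sh
# Added example. Paths are parameters so the checks can run on constructed files.

# Does a PAM service file (e.g. /etc/pam.d/vsftpd) load pam_shells.so?
service_uses_pam_shells() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'pam_shells\.so'
}

# Print the login shell (7th passwd field) of USER; fail if USER is absent.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# pam_shells_would_allow USER PASSWD_FILE SHELLS_FILE
# 0 = allowed, 1 = shell not listed, 2 = shells file unsafe, 3 = unknown user
pam_shells_would_allow() {
    user=$1; passwd=$2; shells=$3
    # The shells file must be a plain file ...
    [ -f "$shells" ] || return 2
    # ... and must not be world-writable.
    [ -z "$(find "$shells" -prune -perm -0002)" ] || return 2
    login_shell=$(shell_of "$user" "$passwd") || return 3
    # Assumption of this sketch: an empty shell field counts as not listed.
    [ -n "$login_shell" ] || return 1
    # Exact whole-line match against the non-comment entries.
    grep -v '^#' "$shells" | grep -Fxq -- "$login_shell" || return 1
}

# Demo on constructed files (not the real /etc/passwd or /etc/shells).
demo() {
    d=$(mktemp -d)
    printf 'ftpuser:x:1001:1001::/srv/ftp/ftpuser:/bin/false\n' > "$d/passwd"
    printf '# constructed /etc/shells\n/bin/sh\n/bin/bash\n' > "$d/shells"
    chmod 644 "$d/shells"
    rc=0; pam_shells_would_allow ftpuser "$d/passwd" "$d/shells" || rc=$?
    echo "before adding /bin/false: rc=$rc"
    echo /bin/false >> "$d/shells"
    rc=0; pam_shells_would_allow ftpuser "$d/passwd" "$d/shells" || rc=$?
    echo "after adding /bin/false: rc=$rc"
    rm -rf "$d"
}
demo
```

On a real system the calls would be `service_uses_pam_shells /etc/pam.d/vsftpd` and `pam_shells_would_allow <user> /etc/passwd /etc/shells`; a return code of 2 means the shells file itself needs fixing before any entry is added.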