ejs@goldhill.com (05/09/89)
Since installing SunOS 4.0.1, we've have "access denied" problems attempting to FTP to our Suns. The scenario is as follows: ! ftp goddard Connected to goldhill.com 220 goddard FTP server (SunOS 4.0) ready Name (goddard:ejs): !ejs 530 User ejs access denied. Login failed. ftp> !quit If, instead of "ejs", we substitute other legitimate users, some succeed (and prompt for password) and others don't. I haven't been able to detect a pattern for those users who can use FTP and those who can't. Some users who can FTP use csh and others user tcsh. Some users are in different groups. But nothing seems common. Even "root" can't FTP. I've even tried to turn on debugging and logging of all *.debug messages and although a message is sent to the logger indicating "access denied", there is nothing more explicit in the log messages. Eric Swenson Gold Hill Computers, Inc 26 Landsdowne Street, 4th Floor Cambridge, MA 02139 (617) 621-3405 [[ First off, if a user is using a shell other than /bin/sh and /bin/csh, then they will not be able to FTP. You need to create a file called /etc/shells which contains the name of ALL the legal shells (yes, including /bin/sh and /bin/csh) as they appear in the "login shell" field of the passwd file. This is certainly part of your problem, but may not be all of it. Second, ftpd will not authenticate a user who has a null password in passwd. Finally, there is the file "/etc/ftpusers". This file is supposed to contain a list of users who are explicitly not allowed to use ftp. This is described in the manual page "ftpusers(5)". Despite the fact that the manual page says the file should be in "/usr/etc", a strings of "in.ftpd" reveals the path name "/etc/ftpusers", leading me to believe that it is really looking for it there. --wnl ]]
ejs@goldhill.com (05/18/89)
Thanks to wnl for the answer to my FTP problem. I created an /etc/shells file listing all the shells that are in use at our site and FTP started working fine. Was /etc/shells documented? The man page for ftp and ftpd didn't mention this file. -- Eric [[ You have to read ftpd(8) verrrrry carefully. There's a paragraph that starts out "ftpd authenticates users according to three rules" and it enumerates those rules. Rule number 2 says that the user's shell must be "standard" as defined by getusershell(3). Guess what? You now have to go read getusershell(3) to find out what the criterion is. /etc/shells is documented there. Wonderful, huh? --wnl ]]