[comp.sys.sun] FTP

ejs@goldhill.com (05/09/89)

Since installing SunOS 4.0.1, we've have "access denied" problems
attempting to FTP to our Suns.  The scenario is as follows:

	! ftp goddard
	Connected to goldhill.com
	220 goddard FTP server (SunOS 4.0) ready
	Name (goddard:ejs): !ejs
	530 User ejs access denied.
	Login failed.
	ftp> !quit

If, instead of "ejs", we substitute other legitimate users, some succeed
(and prompt for password) and others don't.  I haven't been able to detect
a pattern for those users who can use FTP and those who can't.  Some users
who can FTP use csh and others user tcsh.  Some users are in different
groups.  But nothing seems common.  Even "root" can't FTP.

I've even tried to turn on debugging and logging of all *.debug messages
and although a message is sent to the logger indicating "access denied",
there is nothing more explicit in the log messages.

Eric Swenson
Gold Hill Computers, Inc
26 Landsdowne Street, 4th Floor
Cambridge, MA 02139
(617) 621-3405

[[ First off, if a user is using a shell other than /bin/sh and /bin/csh,
then they will not be able to FTP.  You need to create a file called
/etc/shells which contains the name of ALL the legal shells (yes,
including /bin/sh and /bin/csh) as they appear in the "login shell" field
of the passwd file.  This is certainly part of your problem, but may not
be all of it.  Second, ftpd will not authenticate a user who has a null
password in passwd.  Finally, there is the file "/etc/ftpusers".  This
file is supposed to contain a list of users who are explicitly not allowed
to use ftp.  This is described in the manual page "ftpusers(5)".  Despite
the fact that the manual page says the file should be in "/usr/etc", a
strings of "in.ftpd" reveals the path name "/etc/ftpusers", leading me to
believe that it is really looking for it there.  --wnl ]]

ejs@goldhill.com (05/18/89)

Thanks to wnl for the answer to my FTP problem.  I created an /etc/shells
file listing all the shells that are in use at our site and FTP started
working fine.  Was /etc/shells documented?  The man page for ftp and ftpd
didn't mention this file.

-- Eric

[[ You have to read ftpd(8) verrrrry carefully.  There's a paragraph that
starts out "ftpd authenticates users according to three rules" and it
enumerates those rules.  Rule number 2 says that the user's shell must be
"standard" as defined by getusershell(3).  Guess what?  You now have to go
read getusershell(3) to find out what the criterion is.  /etc/shells is
documented there.  Wonderful, huh?  --wnl ]]