I recently bought an IP camera. (To be honest, I went on a bit of a shopping spree for IP cameras.)
These cameras support FTP as a storage mechanism for video and snapshots (motion-detecting for example).
As a result, I wanted to set up an FTP user on my FreeBSD machine.
Initially, I tried creating a user with a shell of /usr/sbin/nologin, but that doesn’t work for FTP. FTP users need to have a shell in /etc/shells.
I saw this post which talks about FTP requiring a shell in /etc/shells, and that adding /sbin/nologin is a bad idea. Instead, it recommends making a copy in /usr/local/bin/ and adding that copy to /etc/shells.
Instead, I made a link—in case (for some reason) there’s an update to /sbin/nologin, I want the FTP user to get an update.
ln -s /sbin/nologin /usr/local/bin/nologin-ftp-only
I then added
To be even more secure, I made the FTP user’s account chrooted by creating
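
An added example, not part of the original post: a small sh check that lists which accounts pass the "shell must be in /etc/shells" test, comparing a dedicated nologin-ftp-only entry with listing /sbin/nologin itself. It models only that one check. The `camera` account, the sample passwd and shells files, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Models only the shell-list check.

# list_shells FILE: print shell entries, dropping comments and blank lines.
list_shells() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# shell_check_pass PASSWD SHELLS: print "user shell" for every account whose
# shell (last colon-separated field) is listed in SHELLS.
shell_check_pass() {
    list_shells "$2" | awk -F: '
        NR == FNR      { ok[$0] = 1; next }   # first input: the shell list
        /^#/ || NF < 7 { next }               # skip comments, malformed rows
        ($NF in ok)    { print $1, $NF }
    ' - "$1"
}

# make_sample DIR: write constructed sample files (not real system data).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
camera:*:1001:1001:IP camera uploads:/home/camera:/usr/local/bin/nologin-ftp-only
EOF
    printf '%s\n' '# dedicated entry' /bin/sh /usr/local/bin/nologin-ftp-only > "$1/shells.dedicated"
    printf '%s\n' '# shared nologin' /bin/sh /sbin/nologin > "$1/shells.shared"
}

# demo: run the check against both constructed shells files.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    echo "dedicated entry:"; shell_check_pass "$d/passwd" "$d/shells.dedicated"
    echo "shared /sbin/nologin entry:"; shell_check_pass "$d/passwd" "$d/shells.shared"
    rm -rf "$d"
}
demo
```

On a real machine, call `shell_check_pass /etc/passwd /etc/shells` after editing /etc/shells to see exactly which accounts the new entry covers.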