Skip to content

Setting up an FTP-only user on FreeBSD

I recently bought an IP camera. (To be honest, I went on a bit of a shopping spree for IP cameras.)

These cameras support FTP as a storage mechanism for video and snapshots (motion-detecting for example).

As a result, I wanted to set up an FTP user on my FreeBSD machine.

Iniitally, I tried creating a user with a shell of /usr/sbin/nologin, but that doesn’t work for FTP. FTP users need to have a shell in /etc/shells.

I saw this post which talks about FTP requiring a shell in /etc/shells, and that adding /sbin/nologin is a bad idea. Instead, it recommends making a copy in /usr/local/bin/ and adding that copy to /etc/shells.

Instead, I made a linkā€”in case (for some reason) there’s an update to /sbin/nologin, I want the FTP user to get an update.

ln -s /sbin/nologin /usr/local/bin/nologin-ftp-only

I then added /usr/local/bin/nologin-ftp-only to /etc/shells.

To be even more secure, I made the FTP user’s account chrooted by creating /etc/ftpchroot.

Be the first to like.

Post a Comment

Your email is never published nor shared. Required fields are marked *