Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

ftp: error 530 user <username> access denied

SOLVED
Go to solution
Louis Ingalls
Occasional Visitor

ftp: error 530 user <username> access denied

I am not the Unix admin here at PPD but an Oracle DBA. One message in the knowledge base had to do with this same problem I'm having but it applied to 10.2 and we are running 11.0 I checked for the /etc/shells files as instructed but there is no /etc/shells file. I am not trying to allow anonymous FTP which the article seemed to address.

On one database server the userid "oracle" can successfully use FTP but whan I asked the admin to add another user he did not know how. We recently installed another database server and tried to FTP using the "oracle" account and got error listed above?

I have looked at the FTPD man pages and it seems only to address how to deny FTP access or allow anonymous FTP which I am not trying to do.

Any help would be greatly appreciated.
12 REPLIES
Vincenzo Restuccia
Honored Contributor

Re: ftp: error 530 user <username> access denied

You can see /var/adm/inetd.sec
Berlene Herren
Honored Contributor

Re: ftp: error 530 user <username> access denied

The 530 error is generally caused by a lack of the /etc/shells file, which you create.

Telnet into the server and type
#env
This will tell you the shell the server is trying to use when accessing via ftp.

See man page on getusershell for list of shells to add, or add the one that env is displaying.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
Marcel Boon
Trusted Contributor

Re: ftp: error 530 user <username> access denied

Hi,

Which shell do you use ? (vipw /etc/passwd)
This could be the problem, is these shell configured in the /etc/shells ?

Marcel

See the man pages
Edward Sedgemore
Trusted Contributor

Re: ftp: error 530 user <username> access denied


We have an 11 ftp server which is secure and we do not need /etc/shells for ftp access.

ftp is pretty straightforward to setup on 11, even if the ftp server is a secure server, as one of ours is.

1. Ensure the ftp account you are using can login normally to the ftp server using telnet. This confirms passwd entry is correct (login/pwd/shell etc.)

2. Now ensure the ftpd daemon is activated on the ftp server by looking for the following line in /etc/inetd.conf

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -v -L

(ensure its uncommented).

3. Now test doing an ftp to the server using the login and password you just tested. Does it work ? If not check the /var/adm/syslog/syslog.log file on the ftp server for further info on why it failed.

Mark Mitchell
Trusted Contributor

Re: ftp: error 530 user <username> access denied

Your administrator would need to add your user id to the ftpusers file.
Steven Sim Kok Leong
Honored Contributor

Re: ftp: error 530 user <username> access denied

Hi,

Check your /etc/shells as indicated. to verify, once you logged onto the server as the userid (who failed to ftp), run the following to populate your /etc/shells (I understand that your /etc/shells is empty):

# echo `grep "$LOGNAME:" /etc/passwd|awk -F: '{print $7}'` > /etc/shells

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Email: steven@beepz.com. Homepage: https://www.beepz.com
Joseph C. Denman
Honored Contributor

Re: ftp: error 530 user <username> access denied

Mark is incorrect. ftpusers is used to deny users. Do not add your user to this file.

???You SA did not know how to add a user??? Need new SA!!

I agree as above, add your shell to the /etc/shells file. Ensure ftpd daemon is running (ps -ef | grep ftpd).

...jcd...
If I had only read the instructions first??
Shannon Petry
Honored Contributor
Solution

Re: ftp: error 530 user <username> access denied

I have seen this error lots as well. Out of curiosity, what kind of UNIX admin does not know how to add a user?

I have a on-line FTP FAQ which addresses most issues for standard and wu-ftp. In 11.X you may have either. The on-line FAQ can be found at "http://www.invenioeng.com/systems/ftpd_faq.html"

Someone else mentioned that they dont have to create /etc/shells and it works has a small flaw in logic.
HP's standard FTPD (Ft. Knox) uses system default shells of "/usr/sbin/csh, /usr/sbin/sh, /usr/sbin/ksh, /sbin/sh" only. If a lazy admin types in /bin/sh as a log in shell, then that person will be denied access.

You can follow the recommendation of populating /etc/shells by parsing the /etc/passwd file, but I would not recommend this as you may have anonymous access accidentally available. If your admin can't add a user then God only knows what may be screwed up on that system........



Regards,
Shannon
Microsoft. When do you want a virus today?
Steven Sim Kok Leong
Honored Contributor

Re: ftp: error 530 user <username> access denied

Hi,

Current FTPD implementations on HP-UX make use of WU-FTPD, alike that used in RedHat Linux.

By default in HP-UX, anonymous FTP access is not allowed. Unlike in RedHat Linux where there exists an ftp account for anonymous ftp, there is no ftp account residing in HP-UX, which is the default.

For the ftp account in RedHat Linux, notice in the /etc/passwd that it does not come with any login shell. If this ftp account is commented out from /etc/passwd, anonymous ftp will no longer work ie. no password (including any email addresses) would be valid for anonymous.

If anonymous ftp has been configured in your HP-UX system, since it does not have a login shell, entries in /etc/shells would not affect it.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Email: steven@beepz.com. Homepage: https://www.beepz.com
Steven Sim Kok Leong
Honored Contributor

Re: ftp: error 530 user <username> access denied

Hi,

Guess I have to correct myself.

I am wrong about the ftp account on HP-UX not having a login shell. It does have one ie. /usr/bin/false. /usr/bin/false returns the exit code of 1.

This is different from RedHat Linux's wu-ftpd which omits the login shell entirely for the ftp account.

Sorry for the mistake. Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Email: steven@beepz.com. Homepage: https://www.beepz.com
Shannon Petry
Honored Contributor

Re: ftp: error 530 user <username> access denied

Steve,

Your correct about the implementation, and that their should be no problem parsing /etc/passwd to build a shell file. You are also right that their is by default no entry in /etc/passwd for ftp which would allow anonymous access (depending on the rest of the config).

However, I (myself) would not trust this concept to a facility who's admin does not know how to create an ID. By default SAM->Accounts+->users created ID's should be able to FTP to that system. This admin may have been reading somewhere that for anonymous access, to put an entry for ftp into passwd, and perhaps many other security weak ID's as well to try and make things work.

If it is plain old out of the box HP-UX 11.0 you are absolutely correct. However it is obvious since users can not ftp that ID's were not all created with SAM, and/or had modified shells when they were created, and/or had wu_ftp added from the porting center, and/or any other number of things done which may cause problems.

Dont want to argue, and I am not saying you are wrong, just that other considerations should at least be contemplated!


Shannon
Microsoft. When do you want a virus today?
Mark Mitchell
Trusted Contributor

Re: ftp: error 530 user <username> access denied

Correction, I use a script that throws everyone who is not listed on it into the ftpusers file. The normal set up is kind of backwards to where you have to tell the system who not to give access to or leave it blank and everyone has access. So I would start by looking at the file and see if the user id needs to be removed.