Can't create users without FTP access


We use Virtualmin version 3.68 Pro / proftpd / linux users.
the question is simply:
can we create users without FTP acc?

Now, if we select Email only access for a user, then they can login to their home via FTP as well.

We use /etc/ftpusers file, but webmin do not add the email only users there.

I know it’s not a realy big issue i’m just intrest about it.

A little bit other issue:
Can we disable the default server administrator user FTP acc?
I read a topic about it in the forum, but no solution there.
It’s totaly useless i think, and it’s colud be a little security problem.


I’d recommend just disabling FTP altogether, if you’re going to turn it off for virtual server owners. :wink:

But, FTP access is determined by the users shell, by default. If it’s in the list of shells in /etc/shells, it’s an FTP-capable account. If it isn’t, it’s not.

It would be trivial to write a script for Virtualmin to run to update your ftpusers file, if it doesn’t know how to deal with it already (I seem to recall support was added a couple of years ago, but it’s been a long time, and I don’t use FTP, so I’m not sure).

We do not grant shell access to any customer on the servers. All of them are on /bin/false.

Ok. So the only solution for it a handmade script right?

We can use Mailbox Variables $FTP and Domain Template Variables $USER to detect the permissions for the users. am i understood well the things?



Well, to clarify, all users on any system have a “shell” set for them. A shell can be something like /bin/false, which doesn’t allow them to log in on the command line like bash allows.

To paraphrase what I think you’re saying – your customers use /bin/false as their shell, and you want to disable their access to FTP.

Are there any users with /bin/false as their shell who should have FTP access?

If not – if all /bin/false users should be preventing from using FTP, you could simply remove "/bin/false" from /etc/shells.

Another option would be to set new Virtual Server owners to use /dev/null as their shell (that can be done in System Customization -> Custom Shells).