LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-17-2008, 04:21 AM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Rep: Reputation: 34
deny access sftp to aaa user


I have a sftp server running on RedHat AS3 server and there is a user account aaa. What I want to do is to deny sftp access and allow ssh access to the particular user (aaa)

Can someone point me in the right direction.]

Regards
 
Old 01-17-2008, 04:29 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
To give a user ssh access to your server, create an account for them and make sure the ssh server is running and they have an ssh client.

To refuse ftp access, don't allow anonymous logins and blacklist the user (or run a whitelist).
 
Old 01-17-2008, 04:47 AM   #3
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Hi thanks but thing is every who has a account can access sftp and ssh. I want a particular user account (lets say aaa account)must be able to ssh but deny if that account tries to sftp

Regards
 
Old 01-17-2008, 05:38 AM   #4
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
Read the following:
http://www.debian-administration.org/articles/94
... usually you want to allow file access but not running commands. You seem to want the opposite. This seem a little self defeating as what is stopping a user running sftp from an ssh shell... or just cding into the file directory and using scp?

I thought you didn't want remote users gaining sftp access to your machine... now it seems you don't want local users to be able to use an ftp client from your machine. Which is it?
 
Old 01-17-2008, 08:49 PM   #5
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Hi

I am sorry about the confusion let me explain the situation.

I have some java programs and these are executed by normal user. Lets say the user account is AAA then this AAA account should be able execute these java programs but not copy these files in any means.

1. This user AAA should be able to ssh to the server from remote machine and just execute the programs
2. This user AAA should be forbidden to sftp to sever from a remote machine.

Only this particular user AAA should be denied of sftp and allowed ssh to execuit the java programs rest of the users should be as default

Thanks

Best regards
 
Old 01-17-2008, 10:28 PM   #6
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
Well.. don't serve the files in your ftp server. (you are not allowing remote users complete access right?)

Your remaining trouble will involve scp.

Why not keep the files in a location the user does not have access to, i.e. not in that users account, and have them use a script to execute the file? They can copy the script, but that doesn't do them any good.

Another issue is why you care that this user can copy your java files.
 
Old 01-17-2008, 11:07 PM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
If there is only one java program that is run, then you could look at having a per-user config entry ( using a "Match" segment ) in sshd_config that will run the java program after the user is authenticated ( "ForceCommand" option).

Last edited by jschiwal; 01-17-2008 at 11:08 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
deny a user access to specific command krock923 Linux - Security 7 10-11-2012 03:04 PM
User account with SFTP access only nsfx Linux - General 3 01-06-2008 06:52 PM
mySQL deny user access to database blizunt7 Programming 3 10-10-2007 09:34 AM
Deny user access to terminal/directory browsing intranet_man Linux - Networking 2 03-22-2006 12:04 PM
how to deny user to use ftp to access system ust Linux - Software 4 05-23-2005 08:39 PM


All times are GMT -5. The time now is 10:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration