LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 08-15-2003, 12:16 PM   #1
jgilels
LQ Newbie
 
Registered: Jun 2003
Location: Texas
Posts: 10

Rep: Reputation: 0
How do I make ftp up- and downloads the only thing a restricted user can do?


This requirement is interesting. My client is using Internet Explorer to ftp://[username]@NNN.NNN.NNN.NNN (ip address). When permitted full access, it's a no-brainer and works just as expected.

When there's a restricted shell (bash -r), it doesn't even complete the login. How do I allow him to ftp up and down, but that's IT? Or, is there some other "almost as restricted" way to do this that I haven't seen anyone yet discuss?
 
Old 08-15-2003, 01:53 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Don't give them a real shell to work with.

When I setup FTP users on my server that I don't want the ability to login in any other way to the machine, I give them a shell of /bin/false as I specified in /etc/shells. This locks them to only using FTP commands to upload and or download from directories they have access to.

Another good idea is if you want to restrict them from browsing any other directories instead of their home and sub directories in their home, you can look into chroot.
 
Old 08-15-2003, 02:16 PM   #3
jgilels
LQ Newbie
 
Registered: Jun 2003
Location: Texas
Posts: 10

Original Poster
Rep: Reputation: 0
I don't understand what you mean when you say, "as I specified in /etc/shells." I looked there, and added /bin/false. But, then what?

Thanks for the quick feedback.
 
Old 08-15-2003, 02:38 PM   #4
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
After adding /bin/false to /etc/shells, you just specify /bin/false as the users in question default shell, either when creating the user or editing their entry in /etc/passwd
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Very slow FTP downloads with Proftpd goozlq Linux - Networking 2 01-24-2005 04:32 PM
Setting Up a Restricted User Account MClayton Linux - Networking 2 10-19-2004 12:31 PM
how to make that ftp user could upload files, but not to delete! spotass Linux - Newbie 4 06-12-2004 07:11 PM
Invoking NT Domain user authentication for restricted web pages explorer Linux - Networking 1 10-08-2003 06:19 AM
SSH user IP restricted access??? ifm Linux - Security 3 07-21-2002 12:01 PM


All times are GMT -5. The time now is 08:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration