How to bind users to their home directories?

trees · 09-14-2004, 03:30 PM

Greetings,

We have a server running samba, ftp, and a bunch of other things.
When create an ftp/samba user, I also have to create a linux user.

That user can log in and browse through the system, and sometimes we forget to change permissions of certain files, so they can actually be viewable.

Is there a way to create a group (samba/ftp), and set the users in that group to be bound to their home directories?

I remember seeing something like that when doing the initial linux setup, but I don't remember what it was.

Thanks

r0b0 · 09-15-2004, 09:26 AM

You could use some chroot settings, but I guess this will not be worth the effort. Just set the permissions in top level directories restrictively, and you won't have to worry about forgetting to set up permissions on individual files/directories.

btmiller · 09-15-2004, 02:32 PM

When you create the account, you can set the user's shell to something that can't actually login, e.g. /sbin/nologin. Samba should still work, but the user won't be able to actually login to a shell on the Linux machine (they may be able to FTP in, depending on how stuff is set up).

trees · 09-15-2004, 02:44 PM

I just tried it, and it's pretty much exactly what I was looking for, except that FTP login doesn't work (I'm using wu-ftpd).

Is there a limited shell that I can use in the similar way that can FTP?

Thanks

flashingcurser · 09-15-2004, 07:27 PM

If you look around you will find mysql backend authentication for various ftp deamons. I use proftp with mysql back end, it authenticates fine, keeping group id's, user id's, and change roots individual home directorys. No shell accounts.

Google for mysql proftp.

btmiller · 09-15-2004, 10:34 PM

Wu-ftpd checks and makes sure a user's shell is in /etc/shells before it lets them login. If the login shell isn't in there, then no FTP access. What I sometimes do is add /bin/true to /etc/shells and then make it a user's shell. It won't let the user have shell access, but wu-ftpd will let them in.

trees · 09-16-2004, 05:32 PM

Alas! It is exactly what I was looking for!

Many thanks