vsftpd question, regarding shells

hunterhunter · 03-27-2006, 01:28 PM

When I set a user's shell to /bin/false they can't login using ssh.
When I set it to /bin/bash the user can get in, however, the user can also travel up the tree all the way to /

What gives? I have it set to chroot them, why does it work with bash but not the false shell?

I have vsftpd set to not check for a valid shell either.

Thanks!

demented_are_go · 03-27-2006, 01:49 PM

because /bin/false means that the user will not login, it'll ask you for a password then drop the connection, it's logical no?

hunterhunter · 03-27-2006, 01:51 PM

No. With proftpd it works fine with /bin/false
I think /bin/false is only so that the user cannot execute shell commands. Only ftp commands are accepted.

gilead · 03-27-2006, 01:52 PM

/bin/false isn't a shell, it's a program that just returns an error code. It's often used as a shell entry to stop users getting shell access.

hunterhunter · 03-27-2006, 01:55 PM

gilead, what do you think is going on here then?

I have vsftpd set to
check_shells=NO

I set it to /bin/false - nothing
I set it to /bin/bash - I can log in...

There has got to be a way that users can use /bin/false to log in.

Right??

btw, when I set the user up with /bin/bash they can travel up the tree whether chroot is on or off in vsftpd...

Thanks

demented_are_go · 03-27-2006, 02:27 PM

shell set to /bin/false will block ssh access is all I'm saying.

What exactly are you trying to do? keep users from getting out of their home dirs when connecting through ftp?

If that's it... just use chroot_local_user=YES

And of course... don't supply a list, if you do that'll make it a list of users NOT to chroot.

That'll confine them to their home directory.

hunterhunter · 03-27-2006, 02:32 PM

Actually I do have chroot_local_user=YES

and ironically when the shell is set to /bin/bash they can still travel up to /

demented_are_go · 03-27-2006, 02:42 PM

you must have messed up something else, I just installed vsftpd just to test this and make sure the solution given works and it does, if you login and cd .. it just takes you back to the same dir. My user's shell is set to /bin/bash as well. If you try to go back to / it'll act as if the dir was succesfully changed, but look at ls, you're still in the user's home dir.

hunterhunter · 03-27-2006, 02:55 PM

Well I guess we're both sorta right then.

Here's the thing though. When I use FileZilla, and connect I can go up and down in the tree, anywhere I want. I'm thinking that FileZilla is not acting as an ftp client, but more of a secure shell client.

How do I prevent users that are logging into ssh from leaving their home directory then?

Thanks