how to - ftp user with no login shell
In a bit of a bind. I'm setting up VSFTPD on rh 9 and I want to add users so they can access the ftp but not log in to the shell.
So I've set up a user account, added it to the ftp group, set the login shell to bash/false.
All good, they can't log in to the shell. But they can't log in to the ftp either. :p
If I switch the login shell back to bin/bash they can log in to the ftp server. But then they can also log in with shell so I'm kinda stuffed.
What am I missing?
A newbie reply, of course it will show.
Sorry, this information is not what you want, but thought it might lead to something useful.
I think the login must be granted. But you can put a startup file to log them out (echo "exit" >> $HOME/.bashrc), or try not granting /bin/bash as the startup shell (a startup shell is not needed except when the user is in a telnet, rsh, or local login; ftp doesn't need a shell prompt like bash).
I've found the opposite of what you wanted (a way to deny users ftp access). A list of users who may not login through the ftp command is contained in /etc/ftpusers (search documentation for ftpusers)
I found one idea on the internet, where the list of users in /etc/passwd (field 1 or username field wherever that is, assumed fields are separated by colons)
cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -vx 'GOODUSER' < /tmp/users.txt > /etc/ftpusers && rm /tmp/users.txt
# All users will be placed into /etc/ftpusers, except the user allowed to login via ftp.
# The effect is to have all users denied ftp login except the user you specify as
# the implementation was in a shell script running in a crontab every day, to
# automatically update the /etc/ftpusers, in case additions are made.
Here's what it looks like:
[root@localhost etc]# cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GGD' < /tmp/users.txt > /etc/ftpusers && rm -f /tmp/users.txt
[root@localhost etc]# ftp localhost
ftp: connect: Connection refused
and removing root from the list of users in /etc/ftpusers , allows root to login.
oook not quite what I was looking for but anyway :)
I got it all sorted anyway. So from one newb to another:
Create a file called '/bin/nologin' and chmod to 755. In it add:
#!/bin/sh
echo "You don't have shell access here"
echo "This session will end in 15 seconds"
sleep 15
Add it to /etc/shells
Change the user's shell to it. When they try and shell they will get that message before being disconnected but they will still be able to FTP.
All good. :)
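Added example, not part of any post in this thread: a small audit that reports, per account, whether FTP login is possible and whether the account also gets a shell prompt. It assumes the FTP server's PAM stack rejects users whose login shell is not listed in the shells file (the pam_shells behaviour, which is why adding the script to /etc/shells fixed the FTP login above) and that the deny list has one username per line like /etc/ftpusers; the function names, the NOLOGIN_SHELLS list and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Shells that end the session instead of giving a prompt (assumed list).
NOLOGIN_SHELLS="/bin/nologin /sbin/nologin /usr/sbin/nologin /bin/false"

# ftp_audit PASSWD SHELLS DENYLIST
# Prints "user ftp=<yes|no> shell=<yes|no>" for each account in PASSWD.
ftp_audit() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        # passwd(5): an empty shell field means /bin/sh
        [ -n "$shell" ] || shell=/bin/sh
        ftp=yes
        interactive=yes
        # Shell check: the login shell must appear as a full line in SHELLS
        if ! grep -qxF -- "$shell" "$2"; then ftp=no; fi
        # Deny list: exact username match, never a substring match
        if grep -qxF -- "$user" "$3"; then ftp=no; fi
        for s in $NOLOGIN_SHELLS; do
            if [ "$shell" = "$s" ]; then interactive=no; fi
        done
        echo "$user ftp=$ftp shell=$interactive"
    done < "$1"
}

# Constructed sample data; "broken" reproduces the /bin/false case from the
# first post (shell not listed in the shells file, so FTP login fails too).
sample_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'ftpguy:x:501:50::/home/ftpguy:/bin/nologin' \
        'broken:x:502:50::/home/broken:/bin/false' > "$d/passwd"
    printf '%s\n' /bin/sh /bin/bash /bin/nologin > "$d/shells"
    printf '%s\n' root > "$d/ftpusers"
    ftp_audit "$d/passwd" "$d/shells" "$d/ftpusers"
    rm -rf "$d"
}

sample_audit
```

On a real host, call ftp_audit with /etc/passwd, /etc/shells and whichever deny-list file the FTP server is configured to read. Any line showing ftp=yes shell=yes is an account that can do both.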