LinuxQuestions.org


hnad 04-12-2004 10:30 PM

how to - ftp user with no login shell
 
Howdy

In a bit of a bind. I'm setting up VSFTPD on rh 9 and I want to add users so they can access the ftp but not login to the shell.

So I've set up a user account, added it to the ftp group, set the login shell to bash/false.

All good, they can't login to the shell. But they can't login to the ftp either. :p

If I switch the login shell back to bin/bash they can login to the ftp server. But then they can also login with shell so I'm kinda stuffed.

What am I missing?

Thanks

MarkBurke 04-13-2004 01:28 AM

A newbie reply, of course it will show.

Sorry, this information is not what you want, but thought it might lead to something useful.

I think the login must be granted. But you can put a startup file to log them out (echo "exit" >> $HOME/.bashrc), or try not granting /bin/bash as the startup shell (a startup shell is not needed except when the user is in a telnet, rsh, or local login, ftp doesn't need a shell prompt like bash)

I've found the opposite of what you wanted (a way to deny users ftp access). A list of users who may not login through the ftp command is contained in /etc/ftpusers (search documentation for ftpusers)

I found one idea on the internet, where the list of users in /etc/passwd (field 1 or username field wherever that is, assumed fields are separated by colons)

cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GOODUSER' < /tmp/users.txt > /etc/ftpusers && rm /tmp/users.txt

# All users will be placed into /etc/ftpusers, except the user allowed to login via ftp.
# The effect is to have all users denied ftp login except the user you specify as
# GOODUSER
# the implementation was in a shell script running in a crontab every day, to
# automatically update the /etc/ftpusers, in case additions are made.

Here's what it looks like:

[root@localhost etc]# cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GGD' < /tmp/users.txt > /etc/ftpusers && rm -f /tmp/users.txt
[root@localhost etc]# ftp localhost
ftp: connect: Connection refused
ftp>

and removing root from the list of users in /etc/ftpusers, allows root to login.

hnad 04-13-2004 02:24 AM

ehehe

oook not quite what I was looking for but anyway :)

I got it all sorted anyway. So from one newb to another:

Create a file called '/bin/nologin' and chmod to 755. In it add:
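#!/bin/bash
# Stub login shell: print a notice, wait, then exit so the session closes.
# The messages are quoted so the apostrophe in "don't" does not open an
# unterminated string.
echo "You don't have shell access here"
echo "This session will end in 15 seconds"
echo "Goodbye"
sleep 15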

Add it to /etc/shells

Change the user's shell to it. When they try and shell they will get that message before being disconnected but they will still be able to FTP.

All good. :)

Thetargos 04-13-2004 03:22 AM

Hey! nice and elegant solution ;) (you could also deny SSH and Telnet access altogether, but probably that's not what you wanted).
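
The two controls discussed in this thread, the ftpusers deny list and the /etc/shells listing that made the /bin/nologin stub work, can be audited together. The script below is an added example, not code from any poster; the function names, the sample accounts and the rule that a shell named nologin or false counts as a stub are assumptions, and it assumes the FTP daemon refuses accounts whose shell is not listed in the shells file, which is the behaviour the thread describes.

```shell
#!/bin/sh
# Added example (not from the thread): report what the shells file and the
# ftpusers deny list, taken together, allow each account to do.
# Status values:
#   denied-ftpusers  user is listed in the ftpusers deny file
#   denied-shell     login shell is not listed in the shells file
#   ftp-only         shell is listed but is a stub (assumption: its basename
#                    is "nologin" or "false")
#   ftp+shell        shell is listed and interactive
ftp_access_report() {   # args: PASSWD_FILE SHELLS_FILE FTPUSERS_FILE
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*) continue ;; esac
        [ -n "$shell" ] || shell=/bin/sh    # passwd(5): empty field means /bin/sh
        if grep -qxF -e "$user" "$3"; then
            status=denied-ftpusers
        elif ! grep -qxF -e "$shell" "$2"; then
            status=denied-shell
        else
            case ${shell##*/} in
                nologin|false) status=ftp-only ;;
                *)             status=ftp+shell ;;
            esac
        fi
        printf '%s:%s:%s\n' "$user" "$shell" "$status"
    done < "$1"
}

# Constructed sample files (not real accounts), written into directory $1.
make_sample_files() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'ftpbob:x:501:501::/home/ftpbob:/bin/nologin' \
        'carol:x:502:502::/home/carol:/bin/false' > "$1/passwd"
    printf '%s\n' /bin/sh /bin/bash /bin/nologin > "$1/shells"
    printf '%s\n' root > "$1/ftpusers"
}

# Demo run on the constructed files; point the function at the real files to audit a host.
tmp=$(mktemp -d) && make_sample_files "$tmp" &&
    ftp_access_report "$tmp/passwd" "$tmp/shells" "$tmp/ftpusers"
rm -rf "$tmp"
```

Rows reported as ftp+shell are the accounts that still have the shell access the original poster wanted to remove; the carol row reproduces the first post's symptom, where a shell missing from the shells file blocks FTP as well.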

