LinuxQuestions.org
Old 04-12-2004, 10:30 PM   #1
hnad
LQ Newbie
 
Registered: Mar 2004
Location: Australia
Distribution: Schlack!
Posts: 26

Rep: Reputation: 15
how to - ftp user with no login shell


Howdy

In a bit of a bind. I'm setting up VSFTPD on rh 9 and I want to add users so they can access the ftp but not log in to the shell.

So I've set up a user account, added it to the ftp group, set the login shell to bash/false.

All good, they can't log in to the shell. But they can't log in to the ftp either.

If I switch the login shell back to bin/bash they can log in to the ftp server. But then they can also log in with shell so I'm kinda stuffed.

What am I missing?

Thanks
 
Old 04-13-2004, 01:28 AM   #2
MarkBurke
LQ Newbie
 
Registered: Nov 2003
Location: Orange County, CA, USA
Distribution: aix, rhel, ubuntu
Posts: 24

Rep: Reputation: 0
A newbie reply, of course it will show.

Sorry, this information is not what you want, but thought it might lead to something useful.

I think the login must be granted. But you can put a startup file to log them out (echo "exit" >> $HOME/.bashrc), or try not granting /bin/bash as the startup shell (a startup shell is not needed except when the user is in a telnet, rsh, or local login; ftp doesn't need a shell prompt like bash).

I've found the opposite of what you wanted (a way to deny users ftp access). A list of users who may not log in through the ftp command is contained in /etc/ftpusers (search documentation for ftpusers).

I found one idea on the internet, where the list of users in /etc/passwd (field 1 or username field wherever that is, assumed fields are separated by colons)

cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GOODUSER' < /tmp/users.txt > /etc/ftpusers && rm /tmp/users.txt

# All users will be placed into /etc/ftpusers, except the user allowed to login via ftp.
# The effect is to have all users denied ftp login except the user you specify as
# GOODUSER
# the implementation was in a shell script running in a crontab every day, to
# automatically update the /etc/ftpusers, in case additions are made.

Here's what it looks like:

[root@localhost etc]# cut -d: -f1 /etc/passwd > /tmp/users.txt && grep -v 'GGD' < /tmp/users.txt > /etc/ftpusers && rm -f /tmp/users.txt
[root@localhost etc]# ftp localhost
ftp: connect: Connection refused
ftp>

and removing root from the list of users in /etc/ftpusers , allows root to login.
 
Old 04-13-2004, 02:24 AM   #3
hnad
LQ Newbie
 
Registered: Mar 2004
Location: Australia
Distribution: Schlack!
Posts: 26

Original Poster
Rep: Reputation: 15
ehehe

oook not quite what I was looking for but anyway

I got it all sorted anyway. So from one newb to another:

Create a file called '/bin/nologin' and chmod to 755. In it add:
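#!/bin/bash
# Print a notice, pause, then exit so the session is closed.
# The messages are double-quoted so the apostrophe in "don't" is not parsed as an opening quote.
echo "You don't have shell access here"
echo "This session will end in 15 seconds"
echo "Goodbye"
sleep 15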

Add it to /etc/shells

Change the user's shell to it. When they try and shell they will get that message before being disconnected but they will still be able to FTP.

All good.
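
An audit of the behaviour this thread ran into (FTP login refused until the account's shell is listed in /etc/shells), as an added example that is not part of the original posts. The account names, the sample files and the list of shells treated as interactive are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies each account by the "valid shell" check only;
# other controls (e.g. /etc/ftpusers) are not considered.
#   rejected    - shell not listed in the shells file, FTP login refused
#   ftp-only    - shell listed but not a known interactive shell
#   interactive - shell listed and interactive (FTP and shell login)
classify_accounts() {   # usage: classify_accounts PASSWD_FILE SHELLS_FILE
    awk -F: '
        FILENAME == ARGV[1] {            # shells file: skip comments/blanks
            if ($0 !~ /^[ \t]*#/ && $0 !~ /^[ \t]*$/) listed[$0] = 1
            next
        }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            n = split(shell, part, "/")
            if (!(shell in listed))
                status = "rejected"
            else if (part[n] ~ /^(sh|bash|dash|ksh|zsh|csh|tcsh)$/)
                status = "interactive"   # assumed list of interactive shells
            else
                status = "ftp-only"
            print $1 ":" shell ":" status
        }
    ' "$2" "$1"
}

run_demo() {   # constructed sample files, not taken from a real host
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/bash
/bin/nologin
EOF
    cat > "$dir/passwd" <<'EOF'
alice:x:500:500::/home/alice:/bin/bash
upload1:x:501:50::/home/upload1:/bin/false
upload2:x:502:50::/home/upload2:/bin/nologin
legacy:x:503:503::/home/legacy:
EOF
    classify_accounts "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

run_demo
```

On a real host, run `classify_accounts /etc/passwd /etc/shells` and review every line marked `interactive` that belongs to an account meant for file transfer only.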
 
Old 04-13-2004, 03:22 AM   #4
Thetargos
Senior Member
 
Registered: Mar 2003
Location: Mexico City
Distribution: Fedora, Ubuntu & Mint
Posts: 1,679

Rep: Reputation: 45
Quote:
Originally posted by hnad
ehehe

oook not quite what I was looking for but anyway

I got it all sorted anyway. So from one newb to another:

Create a file called '/bin/nologin' and chmod to 755. In it add:
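#!/bin/bash
# Print a notice, pause, then exit so the session is closed.
# The messages are double-quoted so the apostrophe in "don't" is not parsed as an opening quote.
echo "You don't have shell access here"
echo "This session will end in 15 seconds"
echo "Goodbye"
sleep 15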

Add it to /etc/shells

Change the user's shell to it. When they try and shell they will get that message before being disconnected but they will still be able to FTP.

All good.
Hey! Nice and elegant solution (you could also deny SSH and Telnet access altogether, but probably that's not what you wanted).
 
  

