So here's what I'm up to. Feel free to give me other solutions or just point me in the right direction.
Please don't just send me to the man pages. I have already read them, but my understanding of programming / scripting isn't up to snuff. I'm working on that.
I want to restrict ftp users on a system that I'm running without having to manually add them to a restricted list, so my solution is to create a list of all users on the system and output the list to the denied ftp users file.
############
names.awk
# Split each /etc/passwd line on colons
BEGIN {
    FS=":"
}
# Print the first field (the login name)
{
    print $1
}
############
gawk -f names.awk /etc/passwd |sort -o /etc/ftpusers
############
After that I manually vi the ftpusers file and comment out or delete the users that are ALLOWED to login.
What I would like to do is create a file with ALLOWED users:
############
user1
user2
user3
user4
############
and check the ftpusers file against the allowedusers file, commenting out or deleting any lines that match.
############
adm
apache
bin
#user1
#user2
#user3
#user4
nobody
mail
postfix
etc...
############
I tried reaching my goal - denying all ftp access except allowed list - by changing the /etc/pam.d/ftp file from:
############
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
############
to
############
auth required pam_listfile.so item=user sense=allow file=/etc/ftpusers onerr=succeed
############
but that did not work at all.
So basically I would like to just create a script that does the file comparison that I described earlier, or find another way to manage who has access to ftp and who doesn't.
I'm not a total linux newbie, but I will admit that I haven't worked with it that long and I'm not a programmer, so coding stuff (shell scripts for example) isn't really my thing.
I suppose this could also be done using more/less & grep with the -v option, but awk/gawk/sed looked like a better solution.
Thanks in advance for the help - by the way, this is my first post on LinuxQuestions.org!!
***EDIT***
I found this other thread:
http://www.linuxquestions.org/questi...d.php?t=446640
which is basically what I want to do, but I would still like other input on the problem (managing who has ftp access to the system) if anyone has any ideas.
Thanks again!
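
One way to script the comparison described in this post, as an added example that is not part of the original post: the deny list is every login name in a passwd-format file minus the names in an allow list, so allowed users are left out instead of commented out. The function names and the allow-list path /etc/ftpallowed in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# build_deny_list PASSWD_FILE ALLOWED_FILE
# Prints every login name in PASSWD_FILE that is not listed in ALLOWED_FILE.
build_deny_list() {
    awk -F: -v allow="$2" '
        BEGIN {
            # Load the allow list: one name per line, blanks and # comments
            # ignored. A missing or empty file allows nobody (fail closed).
            while ((getline line < allow) > 0) {
                sub(/\r$/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "" && line !~ /^#/) allowed[line] = 1
            }
            close(allow)
        }
        # passwd format: field 1 is the login name. Whole-name comparison,
        # so allowing "user1" does not also allow "user10".
        $1 != "" && $1 !~ /^#/ && !($1 in allowed) { print $1 }
    ' "$1" | LC_ALL=C sort -u
}

# write_deny_list PASSWD_FILE ALLOWED_FILE OUTPUT_FILE
# Builds the list in a temp file beside OUTPUT_FILE and renames it into place,
# so the FTP server never reads a half-written list.
write_deny_list() {
    out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if build_deny_list "$1" "$2" > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$out"
    else
        # An empty result usually means the passwd file was unreadable;
        # keep the existing deny list rather than install an empty one.
        rm -f "$tmp"
        echo "write_deny_list: empty result, $out left unchanged" >&2
        return 1
    fi
}

# Usage as root (/etc/ftpallowed is an assumed path for the allow list):
#   write_deny_list /etc/passwd /etc/ftpallowed /etc/ftpusers
```

Run from cron or after adding an account, this denies new users by default until their name is added to the allow list. It reads only the file it is given, so accounts that come from NIS or LDAP would need `getent passwd` output saved to a file as the first argument.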