Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a sftp server running on RedHat AS3 server and there is a user account aaa. What I want to do is to deny sftp access and allow ssh access to the particular user (aaa)
Hi thanks but thing is every who has a account can access sftp and ssh. I want a particular user account (lets say aaa account)must be able to ssh but deny if that account tries to sftp
Read the following: http://www.debian-administration.org/articles/94
... usually you want to allow file access but not running commands. You seem to want the opposite. This seem a little self defeating as what is stopping a user running sftp from an ssh shell... or just cding into the file directory and using scp?
I thought you didn't want remote users gaining sftp access to your machine... now it seems you don't want local users to be able to use an ftp client from your machine. Which is it?
I am sorry about the confusion let me explain the situation.
I have some java programs and these are executed by normal user. Lets say the user account is AAA then this AAA account should be able execute these java programs but not copy these files in any means.
1. This user AAA should be able to ssh to the server from remote machine and just execute the programs
2. This user AAA should be forbidden to sftp to sever from a remote machine.
Only this particular user AAA should be denied of sftp and allowed ssh to execuit the java programs rest of the users should be as default
Well.. don't serve the files in your ftp server. (you are not allowing remote users complete access right?)
Your remaining trouble will involve scp.
Why not keep the files in a location the user does not have access to, i.e. not in that users account, and have them use a script to execute the file? They can copy the script, but that doesn't do them any good.
Another issue is why you care that this user can copy your java files.
If there is only one java program that is run, then you could look at having a per-user config entry ( using a "Match" segment ) in sshd_config that will run the java program after the user is authenticated ( "ForceCommand" option).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.