
trees 09-14-2004 03:30 PM

How to bind users to their home directories?

We have a server running samba, ftp, and a bunch of other things.
When I create an ftp/samba user, I also have to create a linux user.

That user can log in and browse through the system, and sometimes we forget to change permissions of certain files, so they can actually be viewable.

Is there a way to create a group (samba/ftp), and set the users in that group to be bound to their home directories?

I remember seeing something like that when doing the initial linux setup, but I don't remember what it was.


r0b0 09-15-2004 09:26 AM

You could use some chroot settings, but I guess this will not be worth the effort. Just set the permissions in top level directories restrictively, and you won't have to worry about forgetting to set up permissions on individual files/directories.

btmiller 09-15-2004 02:32 PM

When you create the account, you can set the user's shell to something that can't actually login, e.g. /sbin/nologin. Samba should still work, but the user won't be able to actually login to a shell on the Linux machine (they may be able to FTP in, depending on how stuff is set up).

trees 09-15-2004 02:44 PM

I just tried it, and it's pretty much exactly what I was looking for, except that FTP login doesn't work (I'm using wu-ftpd).

Is there a limited shell that I can use in the similar way that can FTP?


flashingcurser 09-15-2004 07:27 PM

If you look around you will find mysql backend authentication for various ftp daemons. I use proftp with mysql back end, it authenticates fine, keeping group id's, user id's, and change roots individual home directories. No shell accounts.

Google for mysql proftp.


btmiller 09-15-2004 10:34 PM

Wu-ftpd checks and makes sure a user's shell is in /etc/shells before it lets them login. If the login shell isn't in there, then no FTP access. What I sometimes do is add /bin/true to /etc/shells and then make it a user's shell. It won't let the user have shell access, but wu-ftpd will let them in.
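
Added example (not part of the thread and not any poster's code): a small audit that reads passwd-style and /etc/shells-style text and reports, per account, whether the login shell allows an interactive login and whether it passes the /etc/shells check described above for wu-ftpd. The no-op shell list, the `min_uid` cutoff, the label names and the sample accounts are assumptions made for illustration.

```python
# Added example: report what each account's login shell permits.
# Assumption: these paths are the "no-op" shells; adjust for your system.
NOOP_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/true", "/bin/false"}

# Constructed sample data, not taken from a real system.
SAMPLE_SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n/bin/true\n"
SAMPLE_PASSWD = (
    "alice:x:1001:1001::/home/alice:/bin/bash\n"
    "ftpbob:x:1002:1002::/home/ftpbob:/bin/true\n"
    "smbcarol:x:1003:1003::/home/smbcarol:/sbin/nologin\n"
    "dave:x:1004:1004::/home/dave:\n"       # empty shell field
    "daemon:x:2:2::/sbin:/sbin/nologin\n"   # system account, skipped
)


def parse_shells(text):
    """Return the set of paths listed in an /etc/shells-style file."""
    lines = (line.strip() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def classify(passwd_text, shells_text, min_uid=1000):
    """Map each regular user to (shell, label)."""
    listed = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed or comment line
        if int(fields[2]) < min_uid:
            continue  # system account (min_uid is an assumption)
        shell = fields[6] or "/bin/sh"  # passwd(5): empty means /bin/sh
        interactive = shell not in NOOP_SHELLS
        in_shells = shell in listed  # the check described for wu-ftpd
        if interactive:
            label = "shell+ftp" if in_shells else "shell-only"
        else:
            label = "ftp-only" if in_shells else "no-shell-no-ftp"
        report[fields[0]] = (shell, label)
    return report


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # e.g. /etc/passwd /etc/shells
        with open(sys.argv[1]) as p, open(sys.argv[2]) as s:
            data = classify(p.read(), s.read())
    else:
        data = classify(SAMPLE_PASSWD, SAMPLE_SHELLS)
    for user, (shell, label) in sorted(data.items()):
        print(f"{user:10} {shell:18} {label}")
```

Run with no arguments it prints the constructed sample; pass the paths of a passwd file and a shells file to audit a real host. Accounts labelled `shell+ftp` are the ones that can still get a shell on the machine.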

trees 09-16-2004 05:32 PM

Alas! It is exactly what I was looking for!

Many thanks
