how to restrict /bin/false user from executing /bin/chmod command

SantoshSonavale · 08-12-2015, 01:03 AM

Keruskerfuerst · 08-12-2015, 01:26 AM

info false

SantoshSonavale · 08-12-2015, 04:28 AM

Quote:

Originally Posted by Keruskerfuerst

info false

As i know, user will not get access to any shell.... but he can able to do ftp through ftp client such as winscp, filezilla etc..
& as /bin/false shell is assigned to FTP users... so how can i restrict sftp users from changing the permissions.. so i want to restrict them to user /bin/chmod command...

pan64 · 08-12-2015, 08:09 AM

sftp does not use /bin/chmod at all. You need to restrict directory access (to avoid permission changes) I think, but we need more info to help further (for example how the ftp server was configured, what files/dirs should be protected - show an example)

SantoshSonavale · 08-13-2015, 12:33 AM

thanks for your reply... sftp server is configured through ssh (rhel 6.2)... users home directory should be need to protected... as he is owner of directory he is able to change permissions... i want to restrict user from changing the permission of directory & sub directory...

pan64 · 08-13-2015, 01:48 AM

I think you can simply remove write access on home dir (as root) and subdirs too, (even the owner can be changed).