LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 10-15-2008, 02:05 AM   #1
daveginorge
Member
 
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 104

Rep: Reputation: 16
VSFTP Users


Hi All

Running FC9

I would like to restrict the amount of users that show in the logon screen to only a few.

I have a FTP server that will over time get many users, these users will never log in as local (so they need not show FC9 logon screen) but all will use their home directories as FTP area's.

Is there a way I can make these users not appear in logon screen?

Thanks in advance
 
Old 10-15-2008, 03:23 AM   #2
ChrisAbela
Member
 
Registered: Mar 2008
Location: Malta
Distribution: Slackware and Debian
Posts: 530

Rep: Reputation: 124Reputation: 124
You can use XDM as the login manager and then you will have none. They simply enter their username and password.

Chris
 
Old 10-15-2008, 03:25 AM   #3
romsieze
LQ Newbie
 
Registered: Sep 2008
Posts: 18

Rep: Reputation: 0
I'm no expert on the subject but what is their shell in /etc/passwd?

should be /bin/false, /bin/nologin, or even /dev/null I believe but I'm not sure if that will keep them from logging in through ftp or not.

would suggest creating a new user and testing it first.

Last edited by romsieze; 10-15-2008 at 03:27 AM.
 
Old 10-15-2008, 08:33 AM   #4
daveginorge
Member
 
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 104

Original Poster
Rep: Reputation: 16
Hi romsieze you were spot on.

/sbin/nologin when creating the user creates the account with no login possibility on the local host yet FTP to users directories work fine.

Next question

I have the FTP Users in a group called "ruser" and not a member of the "users" group. They do not have groups of their own.

The administrator to the FTP system is a member of the FTPadmin group.

How do I stop the FTP Users from going up a dir or two and getting access to the rest of the files system.

home1 is in the root dir
drwxr-xr-x 4 root FTPadmin 4096 2008-10-15 11:37 home1

The home dirs of the test users of my system are in home1.
drwxr-xr-- 5 dev FTPadmin 4096 2008-10-14 19:18 dev
drwxr-xr-- 4 sql FTPadmin 4096 2008-10-15 11:37 sql

The permissions shown above stop the users from accessing each others dirs but not the file system, ideally it would be good to stop them from leaving their own dir to gain access to home1.

Any advice here would be very welcomed.

Thanks
 
Old 10-15-2008, 02:45 PM   #5
cygnal
LQ Newbie
 
Registered: May 2007
Distribution: Slackware/Debian
Posts: 26

Rep: Reputation: 15
Read through this:
http://benkay.net/blog/2008/08/chroot-jail-with-vsftpd/

Chroot jailing causes the user to see whatever directory they log into as the top level directory on the system, preventing them from going farther upward and accessing other's directories. Check the vsftpd.conf man page for specific details.
 
Old 10-15-2008, 06:05 PM   #6
romsieze
LQ Newbie
 
Registered: Sep 2008
Posts: 18

Rep: Reputation: 0
cygnal is right chroot jail is the best solution.

to do this:
Open /etc/vsftpd/vsftpd.conf with whatever editor you choose

Make sure this line exists and in uncommented
chroot_local_user=YES

then run this command as root
# /etc/init.d/vsftpd restart
 
Old 10-18-2008, 04:18 AM   #7
daveginorge
Member
 
Registered: Oct 2006
Location: Porsgrunn, Norway
Distribution: CentOS 5 / 6 / 7
Posts: 104

Original Poster
Rep: Reputation: 16
Thanks for that guys just what I needed. It also gave me the information to answer the next few questions that would have posted.

Thanks again.
Dave
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftp needs SSL for some users jweller Linux - Software 1 07-12-2007 09:08 AM
Can't stop anonymous vsftp users lagu2653 Linux - Networking 2 11-17-2005 09:54 PM
VSFTP Virtual users Rage79 Linux - Security 7 01-10-2005 06:57 AM
Add VSFTP Users Gjallis Linux - Software 1 06-26-2003 04:52 PM
how to deny all users in vsftp except one? lzyking Linux - Software 7 12-11-2002 10:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration