I'm running Slackware 10 and I want to run it on a box as a File/Web server. I've got Apache/PHP/MySQL and Samba set up, but I'm wondering how I can set up FTP and SSH servers which will automatically only take connections from users with accounts on the system (like in 'ftp' and 'sshd' groups) and possibly lock them into their home folder.
I've got the SSHd running, but not adding users to the sshd group doesn't seem to keep them out.
You want a per-user lockout? Meaning, that they cannot log into a shell on the box, but can still receive/send email, correct?
Edit /etc/passwd, go to the user's line, after the last colon (':') change the /bin/bash to /bin/false. It is possible there is no /bin/bash, in which case, just add the /bin/false. This will prevent them from shell access, not just via SSH, but also from the console, so do not do this to root, nor to the account you use for administration (i.e. yours). I believe that the FTP server also honors this.
AllowGroups
        This keyword can be followed by a list of group name patterns,
        separated by spaces. If specified, login is allowed only for
        users whose primary group or supplementary group list matches one
        of the patterns. `*' and `?' can be used as wildcards in the
        patterns. Only group names are valid; a numerical group ID is
        not recognized. By default, login is allowed for all groups.

AllowUsers
        This keyword can be followed by a list of user name patterns,
        separated by spaces. If specified, login is allowed only for
        user names that match one of the patterns. `*' and `?' can be
        used as wildcards in the patterns. Only user names are valid; a
        numerical user ID is not recognized. By default, login is
        allowed for all users. If the pattern takes the form USER@HOST
        then USER and HOST are separately checked, restricting logins to
        particular users from particular hosts.

DenyGroups
        This keyword can be followed by a list of group name patterns,
        separated by spaces. Login is disallowed for users whose primary
        group or supplementary group list matches one of the patterns.
        `*' and `?' can be used as wildcards in the patterns. Only group
        names are valid; a numerical group ID is not recognized. By
        default, login is allowed for all groups.

DenyUsers
        This keyword can be followed by a list of user name patterns,
        separated by spaces. Login is disallowed for user names that
        match one of the patterns. `*' and `?' can be used as wildcards
        in the patterns. Only user names are valid; a numerical user ID
        is not recognized. By default, login is allowed for all users.
        If the pattern takes the form USER@HOST then USER and HOST are
        separately checked, restricting logins to particular users from
        particular hosts.

So just add one (or more) of the above directives to your /etc/ssh/sshd_config file to allow/deny the user(s)/group(s) you wish.
To lock them into their home directory, look at this project.
As for FTP, I'd recommend only using sftp, which is more secure and will be configured when you set up sshd.
Enjoy!
--- Cerbere
[edit] You may also want to browse through the Security forum of LQ for more info on locking down your box. [/edit]
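
An added example, not part of any post in this thread: a small Python model of the four keywords quoted above, showing why a group named sshd restricts nothing until AllowGroups actually names it. The config snippets, user names and group names are constructed, and the model covers only the `*'/`?' wildcards and USER@HOST form described in the excerpt.

```python
import re

def pat_match(pattern, value):
    # Only `*' and `?' are wildcards; every other character is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def user_match(pattern, user, host):
    # USER@HOST: USER and HOST are checked separately.
    if "@" in pattern:
        p_user, p_host = pattern.split("@", 1)
        return pat_match(p_user, user) and pat_match(p_host, host)
    return pat_match(pattern, user)

def parse(config_text):
    # Collect the four access keywords (keyword names are case-insensitive).
    # Commented-out lines such as "#AllowGroups sshd" never match a key.
    rules = {"allowusers": [], "denyusers": [], "allowgroups": [], "denygroups": []}
    for line in config_text.splitlines():
        words = line.split()
        if words and words[0].lower() in rules:
            rules[words[0].lower()] += words[1:]
    return rules

def login_allowed(rules, user, groups, host="unknown"):
    # Returns (allowed, keyword that refused). A login must pass all four checks.
    def user_hit(key):
        return any(user_match(p, user, host) for p in rules[key])
    def group_hit(key):
        return any(pat_match(p, g) for p in rules[key] for g in groups)
    if user_hit("denyusers"):
        return False, "DenyUsers"
    if rules["allowusers"] and not user_hit("allowusers"):
        return False, "AllowUsers"
    if group_hit("denygroups"):
        return False, "DenyGroups"
    if rules["allowgroups"] and not group_hit("allowgroups"):
        return False, "AllowGroups"
    return True, None

# Constructed sshd_config fragments: one with no active access keyword, one restricted.
STOCK = "Port 22\n#AllowGroups sshd\n"
HARDENED = "Port 22\nAllowGroups sshd\nDenyUsers guest*\n"

for name, cfg in (("stock", STOCK), ("hardened", HARDENED)):
    for user, groups in (("alice", ["users", "sshd"]), ("bob", ["users"])):
        print(name, user, login_allowed(parse(cfg), user, groups))
```

With the stock fragment both constructed users get in, because no keyword is active and the default is to allow everyone; with `AllowGroups sshd` present, only the member of sshd does.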