Creating a user who can only FTP

Hello,

I normally use SuSe Linux, but have just started to use Red Hat on another Web Server.

On my SuSe box, to add a user who could only FTP (i.e. not get shell access) I would add the user as normal but their shell would be bin/false.

However, when I do this on my RedHat box, it will not allow the user to connect (although other users with bin/bash can).

Has anyone got any ideas why this would be?

Thanks

A default shell of /dev/null has always worked for me.

>> A default shell of /dev/null

Never use /dev/null. Use something that's either non-existence or executable such as /usr/local/bin/ftponly. Executing /dev/null continuously may break your /dev/null.

>> it will not allow the user to connect

In your case, you need to add /bin/false to /etc/shells. However, since adding /bin/false potentially may affect other system users (i.e. daemon, bin), so inappropriate.

>> Has anyone got any ideas why this would be?

1) Create a script /usr/local/bin/ftponly
2) Put the following in this script:
#!/bin/sh -p
echo 'This account is currently not available.'
exit 1
3) Append /usr/local/bin/ftponly to /etc/shells

thanks, worked a treat!

Or other idea: use /usr/bin/passwd as a shell

>> use /usr/bin/passwd as a shell

No and doing something stupid like this could lead to potential exploit. As I said, use something that is either non-existence or write a simple ftponly shell script.

maybe, but this will add additional functionality i.e. user can change his own passwd. if this is a exploit, this is true for all users of Your system :-D

It works great!! Thank you