November 19th, 2001, 09:19 AM
Creating a user who can only FTP
I normally use SuSe Linux, but have just started to use Red Hat on another Web Server.
On my SuSe box, to add a user who could only FTP (i.e. not get shell access) I would add the user as normal but their shell would be bin/false.
However, when I do this on my RedHat box, it will not allow the user to connect (although other users with bin/bash can).
Has anyone got any ideas why this would be?
November 19th, 2001, 10:30 AM
A default shell of /dev/null has always worked for me.
Is it just me or is it cold in here?
November 19th, 2001, 01:02 PM
>> A default shell of /dev/null
Never use /dev/null. Use something that's either non-existence or executable such as /usr/local/bin/ftponly. Executing /dev/null continuously may break your /dev/null.
>> it will not allow the user to connect
In your case, you need to add /bin/false to /etc/shells. However, since adding /bin/false potentially may affect other system users (i.e. daemon, bin), so inappropriate.
>> Has anyone got any ideas why this would be?
1) Create a script /usr/local/bin/ftponly
2) Put the following in this script:
echo 'This account is currently not available.'
3) Append /usr/local/bin/ftponly to /etc/shells
November 20th, 2001, 03:25 AM
November 22nd, 2001, 01:42 AM
Or other idea: use /usr/bin/passwd as a shell
November 22nd, 2001, 01:56 AM
>> use /usr/bin/passwd as a shell
No and doing something stupid like this could lead to potential exploit. As I said, use something that is either non-existence or write a simple ftponly shell script.
November 22nd, 2001, 09:57 AM
maybe, but this will add additional functionality i.e. user can change his own passwd. if this is a exploit, this is true for all users of Your system :-D
November 22nd, 2001, 04:10 PM
It works great!! Thank you