FTP account

How to create Unix user account that only has FTP access and to only one directory?

It will depend on what FTP server you are using, but if you're using ProFTP, it's quite easy to specify a DefaultRoot into which your users will be jailed - in fact it'll look to them like it's the root of your entire filesystem.

The actual unixy side of preventing them from doing anything else is quite easy - you can first set up a special group called ftpusers, then everytime you create a user just make sure that you make them a member of that group - you might find the convenient when hacking your ftp config (hint). Further to that, just set the user's home area to /dev/null and their default shell to /bin/false - that way they won't ever get a shell running, so the only way they can connect is vi whatever services you're running on the machine.

hth
christo

Hi Christo,
unfortunately I didn't use a ProFTP server but an Unixware 7.1.1 server, currently used as Application Server in a Call Center environment. I want to give the access to the system via ftp to an application that makes automatic file transfer. So any suggestion are kindly accepted.

Cheers

Max

Without changing servers you probably will not be able to restrict them to one directory. But you should be able to limit them to ftp acess only.

As Christo said, set their shell to /bin/false or /usr/bin/false, which ever your system uses. You cannot set thier home directory to /dev/null, ftpd uses that field too. Set the home directory correctly.

Most ftp servers will not allow a connect unless the users shell is in /etc/shells. Check your "man ftpd" to see if yours is one. If so, you will need to do that. If /etc/shells does not exist, the system behaves as if it did and it contains a default list. If your /etc/shells does not exist, you will need to add a line for every login shell in use together with /bin/false.