#1
  1. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 1999
    Location
    Niagara Falls (On the wrong side of the gorge)
    Posts
    3,237
    Rep Power
    18
    Using FreeBSD 3.4

    I can define a user's FTP root to their directory using /etc/ftpchroot

    But I can't do the same with telnet and I can't deny telnet without taking away FTP...

    Telnet isn't a necessary feature for these users, so how do I deny telnet and not FTP? Or barring that how do I limit their telnet access to the user root? (long shot I know).
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>how do I limit their telnet access to the user root?

    Can't unless you write your own shell.

    >>But I can't do the same with telnet and I can't deny telnet without taking away FTP

    1) cat /etc/shells
    #############################################
    # $FreeBSD: src/etc/shells,v 1.3.2.1 2000/07/10 08:47:17 obrien Exp $
    #
    # List of acceptable shells for chpass(1).
    # Ftpd will not allow users to connect who are not using
    # one of these shells.

    /bin/sh
    /bin/csh
    /bin/tcsh
    #############################################
    So that means, as long as a user has a shell from the choices above, he can log in via both FTP and Telnet.
    2) Next, su to a non-system user or create a new user just for testing purposes, and assign a /sbin/nologin shell to that user. Or use "vipw" to change the user's shell.
    3) Telnet in and FTP in as that user. For Telnet, you would get "This account is not available" or something; for FTP, the user simply gets login failed. That is supposed to be because you need one more step, as follows.
    4) vi /etc/shells
    add /sbin/nologin to the list so you should get:
    /bin/sh
    /bin/csh
    /bin/tcsh
    /sbin/nologin

    As the cat /etc/shells from (1) mentions, "Ftpd will not allow users to connect who are not using one of these shells". Ftpd doesn't care whether it's the nologin shell or whatever; as long as the shell is listed here and the user's shell is one of these, that user is allowed to log in via FTP, but not ssh/telnet.
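
Added example, not part of the original posts: a shell check that reports, per account, the access that the /sbin/nologin and /etc/shells steps above produce, including the /etc/ftpchroot listing from the first post. The function names, sample accounts and file copies are constructed for illustration; it assumes the behaviour post #2 describes (ftpd requires the user's shell to be listed in /etc/shells) and plain user names in ftpchroot.

```shell
#!/bin/sh
# Added example (not from the thread). Reports, per account, what the
# /sbin/nologin + /etc/shells setup allows. Paths are arguments so the check
# can run against copies of the real files.
NOLOGIN=/sbin/nologin

# shell_listed SHELL SHELLS_FILE: succeed if SHELL is an entry in the shells
# file, ignoring comments and trailing whitespace.
shell_listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$2" | grep -Fxq -- "$1"
}

# classify USER PASSWD SHELLS FTPCHROOT: print "telnet=yes|no ftp=yes|no|chroot"
classify() {
    entry=$(awk -F: -v u="$1" '$1 == u { print "x" $NF; exit }' "$2")
    [ -n "$entry" ] || { echo "unknown-user"; return 1; }
    shell=${entry#x}
    [ -n "$shell" ] || shell=/bin/sh      # empty shell field means /bin/sh
    telnet=yes; ftp=no
    [ "$shell" = "$NOLOGIN" ] && telnet=no
    if shell_listed "$shell" "$3"; then
        ftp=yes
        # Plain user names only; other ftpchroot entry forms are not handled.
        grep -Fxq -- "$1" "$4" 2>/dev/null && ftp=chroot
    fi
    echo "telnet=$telnet ftp=$ftp"
}

# make_sample DIR: write constructed sample files (not real system data).
make_sample() {
    printf '%s\n' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/tcsh' \
        'bob:*:1002:1002:Bob:/home/bob:/sbin/nologin' \
        'carol:*:1003:1003:Carol:/home/carol:/usr/local/bin/bash' > "$1/passwd"
    printf '%s\n' '# List of acceptable shells' '/bin/sh' '/bin/csh' \
        '/bin/tcsh' '/sbin/nologin' > "$1/shells"
    printf '%s\n' 'bob' > "$1/ftpchroot"
}

# demo: classify the three constructed accounts and print one line each.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    for u in alice bob carol; do
        printf '%-6s %s\n' "$u" "$(classify "$u" "$d/passwd" "$d/shells" "$d/ftpchroot")"
    done
    rm -rf "$d"
}
demo
```

An account whose shell is missing from the shells file shows ftp=no, which is the "login failed" state described in step 3 before /sbin/nologin is added in step 4.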
  4. #3
  5. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Fantastic! I knew YOU would have an answer!

    Works like a charm.
  6. #4
  7. No Profile Picture
    Apprentice Deity
    Devshed Loyal (3000 - 3499 posts)

    Oops! Spoke too soon. Logging in as one of the users so defined, the directory appears empty...
  8. #5
  9. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 1999
    Location
    Tempe, AZ, USA
    Posts
    12
    Rep Power
    0
    I am trying to set up an FTP-only account on a Linux RH6.1 box - and have the user login directory be their root so that they cannot explore and view other directories/files on the machine. Does anyone know how I do this?
  10. #6
  11. No Profile Picture
    d0g1e
    Guest
    Devshed Newbie (0 - 499 posts)
    You could add a "#" in front of the "telnet" line in /etc/inetd.conf and do a killall -HUP inetd to restart the inet daemon. This stops the telnet daemon from starting at boot-time.
