Loading ...
Sorry, an error occurred while loading the content.
 

Re: allowing ftp login, but not shell login...

Expand Messages
  • Peter Pryor
    ... Thanks for all the replies, but I want to still be able to login myself, so no go on stopping telnet/ssh, and when i changed the shell to /bin/false, ftp
    Message 1 of 6 , Apr 4 9:08 PM
      --- In LINUX_Newbies@yahoogroups.com, "Peter Pryor" <painkillr@y...>
      wrote:
      > Hi,
      >
      > I have an account that people have been ftp'ing into for some time,
      > but now I've decided that I want to block shell login, just in case
      > someone gets snoopy.
      >
      > How can I leave ftp login open, but deny shell login?
      >
      > Thanks,
      >
      > Peter

      Thanks for all the replies, but I want to still be able to login
      myself, so no go on stopping telnet/ssh, and when i changed the shell
      to /bin/false, ftp denied login for that account.

      So I need to keep ftp open, but make sure that no one w/ the ftp
      password can try to login w/ it.

      Thanks,

      peter
    • Mike Peters
      On Sat, 05 Apr 2003 05:08:53 -0000 ... Sounds to me more like you need to set up chroot ed user accounts. This basically creates a skeleton root file system
      Message 2 of 6 , Apr 5 1:00 AM
        On Sat, 05 Apr 2003 05:08:53 -0000
        "Peter Pryor" <painkillr@...> wrote:

        > --- In LINUX_Newbies@yahoogroups.com, "Peter Pryor" <painkillr@y...>
        > wrote:
        > > Hi,
        > >
        > > I have an account that people have been ftp'ing into for some time,
        > > but now I've decided that I want to block shell login, just in case
        > > someone gets snoopy.
        > >
        > > How can I leave ftp login open, but deny shell login?
        > >
        > > Thanks,
        > >
        > > Peter
        >
        > Thanks for all the replies, but I want to still be able to login
        > myself, so no go on stopping telnet/ssh, and when i changed the shell
        > to /bin/false, ftp denied login for that account.
        >
        > So I need to keep ftp open, but make sure that no one w/ the ftp
        > password can try to login w/ it.
        >

        Sounds to me more like you need to set up chroot'ed user accounts. This
        basically creates a skeleton root file system for the users providing
        basic functionality needed for ftp but locking them out of the real file
        system.

        How you set this up depends upon what software you're using but here's a
        doc which explains how to do it using wu-ftpd and RH:
        http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec296.html

        And for proftpd:
        http://proftpd.linux.co.uk/localsite/Userguide/linked/chroot.html#AEN715

        If this isn't what you need maybe you could reword your question.

        --
        Mike
        Web Site: http://www.ice2o.com
        JabberID: mpeters@...
        Registered Linux User #247123

        It was all very well going about pure logic and how the universe was
        ruled by logic and the harmony of numbers, but the plain fact was that
        the disc was manifestly traversing space on the back of a giant turtle
        and the gods had a habit of going round to atheists' houses and smashing
        their windows.
        (Colour of Magic)
      Your message has been successfully submitted and would be delivered to recipients shortly.