Re: [SLUG] setting up vsftpd

From: SpamFree (SpamFree@tampabay.rr.com)
Date: Wed May 14 2003 - 21:11:47 EDT


On some systems, there is a shell called "/sbin/nologin" already set up. This
"shell" prints an error message of your choosing from /etc/nologin.txt and
exits, so they have no shell. If your system has nologin installed you can
simply change the Shell: path in /etc/passwd to Shell: /sbin/nologin and they
will not be able to log in. If your system does not have "nologin" then read
on.

To prevent a user from being able to log in via ssh or telnet but still allow
them access via ftp, change their shell in /etc/passwd to something
besides a real shell. For instance: Shell: /bin/bogus

You must also create an entry in the /etc/shells file specifying "bogus". If
"bogus" does not appear in /etc/shells they will get an error when trying to
log in via ftp.

When you change the shell to "bogus", a non-existent shell, they cannot get a
shell to execute commands in via telnet, ssh, rsh or even the console.

As far as the upload and download permissions, simply assign rwx access to the
upload user and -rx to the download user.

On Wednesday May 14 2003 08:24 pm, you wrote:
> Ok, here's the scoop.... I went to that website and sort of custom
> tailored the instruction to do what I want to do. Here are my
> objectives! Stuff I have done on my own I have marked with done.
>
> a.) restrict anonftp access [done!]
> b.) create a download user that can only download from all directories
> in the ftp server - this user should not be able to telnet, ssh, or
> log in locally to run any commands on the system
> c.) create an upload user that has the same permissions as the download
> user, but can also upload to the upload directory - this user should not
> be able to telnet, ssh, or log in locally to run any commands on the
> system.
>
> I have created the above users and here is their information:
> [root@jtiner var]# finger download; finger upload;
> Login: download Name: (null)
> Directory: /var/ftp Shell: /bin/bash
> Never logged in.
> No mail.
> No Plan.
> Login: upload Name: (null)
> Directory: /var/ftp/ Shell: /bin/bash
> Last login Wed May 14 11:49 (EDT) on pts/2 from 192.168.0.2
> No mail.
> No Plan.
>
> ---
>
> So far this is the directory structure and the permissions:
> [root@jtiner var]# pwd; tree ftp/; ll -R ftp/
> /var
> ftp/
> `-- pub
>     |-- movies
>     |-- music
>     `-- upload
>
> 4 directories, 0 files
> ftp/:
> total 3
> drwxr-x--- 5 root ftp-users 4096 May 14 07:35 pub
>
> ftp/pub:
> total 12
> drwxr-x--- 2 root ftp-users 4096 May 14 07:34 music
> dr-xr-x--- 2 upload ftp-users 4096 May 14 11:36 upload
>
> ftp/pub/music:
> total 0
>
> ftp/pub/upload:
> total 0
> [root@jtiner var]#
>
> ---
>
> Does this specificity help at all?
>
> -jtiner
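The two checks the reply above depends on, as an added shell example that is not part of this thread and not from the vsftpd project: (1) for each FTP account, is its shell a real login shell, and if not, is that shell listed in /etc/shells, since vsftpd rejects local logins whose shell is unlisted; (2) given an `ls -l` mode, owner and group, what access a particular user actually gets, so the `dr-xr-x--- upload ftp-users upload` line in the quoted listing can be checked against the "rwx for the upload user, r-x for the download user" rule. The passwd and shells contents are constructed sample data, not real system files; the account named `bogus` is made up to show the unlisted-shell case.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits FTP-only accounts and
# directory modes offline against constructed sample data.

# --- constructed sample input (NOT real /etc/passwd or /etc/shells) ---------
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
download:x:1001:1001::/var/ftp:/bin/sh
upload:x:1002:1001::/var/ftp:/sbin/nologin
bogus:x:1003:1001::/var/ftp:/bin/bogus'

SHELLS_SAMPLE='/bin/sh
/bin/bash
/sbin/nologin'

# user_shell USER PASSWD_TEXT -> prints the 7th passwd field (the login shell)
user_shell() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $7; exit }'
}

# shell_listed SHELL SHELLS_TEXT -> exit 0 if SHELL appears verbatim as a line
shell_listed() {
    printf '%s\n' "$2" | grep -qx -- "$1"
}

# account_status USER PASSWD_TEXT SHELLS_TEXT -> prints one word:
#   NO_SUCH_USER
#   INTERACTIVE  real shell: ssh/telnet/console logins can run commands
#   FTP_ONLY     nologin/false/nonexistent shell AND listed in /etc/shells:
#                ftp logins work, no shell is ever handed out
#   FTP_BROKEN   non-shell that is NOT listed in /etc/shells: ftp logins are
#                refused as well (the /etc/shells error the reply describes)
account_status() {
    shell=$(user_shell "$1" "$2")
    [ -n "$shell" ] || { echo NO_SUCH_USER; return 1; }
    case "${shell##*/}" in
        nologin|false) interactive=no ;;
        # a path that is not an executable on this host (e.g. /bin/bogus)
        # cannot start a session either
        *) if [ -x "$shell" ]; then interactive=yes; else interactive=no; fi ;;
    esac
    if [ "$interactive" = yes ]; then
        echo INTERACTIVE
    elif shell_listed "$shell" "$3"; then
        echo FTP_ONLY
    else
        echo FTP_BROKEN
    fi
}

# dir_access MODE OWNER GROUP USER USERGROUP -> prints the rwx triple USER
# (primary group USERGROUP) gets on a directory that `ls -l` shows as
# "MODE OWNER GROUP". Only the classic owner/group/other bits are modelled;
# ACLs and supplementary groups are out of scope for this example.
dir_access() {
    mode=$1 owner=$2 group=$3 user=$4 ugroup=$5
    if [ "$user" = root ]; then
        echo rwx                                # root bypasses the mode bits
    elif [ "$user" = "$owner" ]; then
        echo "$mode" | cut -c2-4                # owner triple
    elif [ "$ugroup" = "$group" ]; then
        echo "$mode" | cut -c5-7                # group triple
    else
        echo "$mode" | cut -c8-10               # other triple
    fi
}

# Run the audit over the sample data.
for u in download upload bogus; do
    printf '%-10s %s\n' "$u" "$(account_status "$u" "$PASSWD_SAMPLE" "$SHELLS_SAMPLE")"
done
# The quoted listing: upload dir owned by "upload" but mode dr-xr-x---
printf 'upload user on dr-xr-x--- upload:ftp-users   -> %s\n' \
    "$(dir_access dr-xr-x--- upload ftp-users upload ftp-users)"
# What the reply asks for: rwx for the upload user, r-x for the download user
printf 'upload user on drwxr-x--- upload:ftp-users   -> %s\n' \
    "$(dir_access drwxr-x--- upload ftp-users upload ftp-users)"
printf 'download user on drwxr-x--- upload:ftp-users -> %s\n' \
    "$(dir_access drwxr-x--- upload ftp-users download ftp-users)"
```

In the sample, `download` still has a real shell and comes out INTERACTIVE, `upload` comes out FTP_ONLY, and `bogus` comes out FTP_BROKEN because /bin/bogus was never added to /etc/shells. The mode check shows why the quoted listing will not accept uploads: with `dr-xr-x---` the owning `upload` user gets only `r-x`; `chmod u+w` on that directory gives the `rwx` the reply asks for while group members such as `download` keep `r-x`. One caveat on the /etc/shells check: in PAM builds of vsftpd it is performed by the PAM stack (typically pam_shells), and the `check_shell` option in vsftpd.conf only applies to non-PAM builds, so on a PAM system look at the vsftpd PAM service file if the listed-shell behaviour differs from what the reply describes.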



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:52:54 EDT