
Re: no shell account

 
SOLVED
mjos
Super Advisor

no shell account

I want to create a no shell account for a user. He will be using this account to connect to the server using ssh to send & receive files. He will have access to only 2 dirs for sending & receiving files.

Any way to create a no shell account.
Please help.
Mark Grant
Honored Contributor

Re: no shell account

If you use ssh the user will need a shell account.

If it's only for sending and receiving files then "ftp" or "sftp" is probably simpler. You can restrict the user to whichever directories you want and give them an "ftpshell" as their shell too.
Never precede any demonstration with anything more predictive than "watch this"
Jeeshan
Honored Contributor

Re: no shell account

Create a user and edit the /etc/passwd file using the command

#vipw

and in the shell area replace the existing shell with /usr/bin/ftpshell.

a warrior never quits
mjos
Super Advisor

Re: no shell account

I don't find any ftpshell inside /usr/bin

# pwd
/usr/bin
# ll ftp*
-r-xr-xr-x 1 bin bin 374364 Nov 10 2006 ftp
-r-xr--r-- 1 bin bin 42828 Nov 10 2006 ftpcount
-r-xr--r-- 1 bin bin 48244 Nov 10 2006 ftprestart
-r-xr--r-- 1 bin bin 56828 Nov 10 2006 ftpshut
lrwxr-xr-x 1 root bin 10 Nov 16 14:16 ftpwho -> ./ftpcount
Jeeshan
Honored Contributor

Re: no shell account

follow the procedures

1. Create a bogus shell for users that will only have FTP access to the system:

a. vi /usr/bin/ftpshell

b. exit 0

c. chmod 555 /usr/bin/ftpshell

d. chown bin:bin /usr/bin/ftpshell

2. Create an /etc/shells file:

a. vi /etc/shells

b. Include these lines in the file:

/sbin/sh
/usr/bin/ksh
/usr/bin/sh
/usr/bin/csh
/usr/bin/rsh
/usr/bin/rksh
/usr/bin/keysh
/bin/sh
/bin/ksh
/bin/csh
/bin/rsh
/bin/rksh
/usr/bin/ftpshell
a warrior never quits
mjos
Super Advisor

Re: no shell account

Thanks....I did the same thing...when I am trying to sftp to the server with that user ...I am getting the following error

Connection has been unexpectedly closed. Server sent command exit status 1.

# cat /usr/bin/ftpshell
exit 0

# cat /etc/shells
/bin/sh
/usr/bin/sh
/bin/ksh
/usr/bin/ksh
/usr/bin/ftpshell
Jeeshan
Honored Contributor
Solution

Re: no shell account

this is not for sftp.

this is for ftp login.
a warrior never quits
mjos
Super Advisor

Re: no shell account

Thanks Ahsan...but my need is that the user should be able to do sftp transfers & not ftp. I am able to do sftp using any other account
Mark Grant
Honored Contributor

Re: no shell account

I'm pretty sure that you can't do what you want with sftp. sftp is only ftp over ssh and ssh is a replacement for rlogin/remsh.

There are proper ftp clients that support encryption and will also allow you to restrict what the user can see/do and remove the requirement for a shell.

"oftp" is one though and I believe there is an "eftp" as well.

Alternatively, use ftp and encrypt the files before transferring.

Never precede any demonstration with anything more predictive than "watch this"
Heironimus
Honored Contributor

Re: no shell account

sftp doesn't read /etc/shells for anything, but it does expect a shell to invoke the sftp-server binary to handle the server's end of the connection. One slightly hackish way to provide sftp without shell access is to set the shell to sftp-server (I don't have the full path handy, but it's part of the ssh package). You can also use scponly or rssh as the shell, both of which can be used to allow scp as well as sftp.
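
An added example, not written by any poster in this thread: a minimal sftp-only login shell in the spirit of the last reply. sshd starts an external sftp subsystem as `<login shell> -c "<Subsystem command>"`, which is why the `exit 0` ftpshell above closes the connection; this wrapper runs sftp-server for that one request and refuses everything else. The script name `sftponly` and the `SFTP_SERVER` path are assumptions; take the real path from the `Subsystem sftp` line of your sshd_config, assumed here to carry no extra arguments.

```shell
#!/bin/sh
# Hypothetical sftp-only login shell (example code, not from the thread).
# Install as e.g. /usr/local/bin/sftponly, owned by root, mode 555,
# and put that path in the shell field of the user's /etc/passwd entry.

# Assumed location; must equal the command on sshd_config's
# "Subsystem sftp ..." line exactly.
SFTP_SERVER="${SFTP_SERVER:-/usr/libexec/sftp-server}"

# Decide on the arguments sshd passed to the login shell.
# Only the exact pair:  -c <SFTP_SERVER>  is allowed. An interactive
# login (no arguments), scp, remote commands, or the sftp-server path
# with anything appended are all denied.
sftp_only_decide() {
    if [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]; then
        echo allow
    else
        echo deny
    fi
}

sftp_only_main() {
    if [ "$(sftp_only_decide "$@")" = allow ]; then
        # Replace this process with sftp-server; no shell stays behind.
        exec "$SFTP_SERVER"
    fi
    echo "This account is restricted to sftp." >&2
    exit 1
}

# Dispatch only when running under the installed name, so the
# functions above can be sourced or tested without side effects.
case "$0" in
    sftponly|*/sftponly) sftp_only_main "$@" ;;
esac
```

The wrapper only removes the shell: which directories the user can read or write is still decided by file permissions, and SSH port forwarding stays available unless it is turned off for the account in sshd_config (`AllowTcpForwarding no`).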