
How to create a FTP-only account, with no shell access?

dictum9
Super Advisor


This is on 11.23.

Basically, what entry do I put in the shell field?
5 REPLIES
Uday_S_Ankolekar
Honored Contributor
Solution

Re: How to create a FTP-only account, with no shell access?

Configure an anonymous ftp account and set the shell to /bin/false.

An easy way to do this is using 'sam'.

-USA
Good Luck..
dictum9
Super Advisor

Re: How to create a FTP-only account, with no shell access?

I don't want it to be anonymous. And I have a predefined home directory I want to use.
Patrick Wallek
Honored Contributor

Re: How to create a FTP-only account, with no shell access?

Just set up your user and use /usr/bin/false as the shell.

You don't have to have anonymous ftp enabled to do that.

Also, make sure you have an /etc/shells file and that /usr/bin/false is in that file, otherwise the user will not be able to log in via ftp.
Steven Schweda
Honored Contributor

Re: How to create a FTP-only account, with no shell access?

man ftpd

Look for "guest".
Minoia
Advisor

Re: How to create a FTP-only account, with no shell access?

You can easily create a chroot:

1. Add the group ftponly in /etc/group

2. Add the new user in passwd; the user must be in the ftponly group.
Here is an example of an /etc/passwd entry:

ftpuser:*:113:107:,,,:/home/ftpuser/./HOMEFTP:/usr/bin/false

(pay attention to the '.' between the directories ftpuser and HOMEFTP)


3. Add /usr/bin/false in /etc/shells
4. Modify the ftp's entry in /etc/inetd.conf
ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -a -l

by adding -a (ftpaccess activation) and -l (logging)

5. Under /home/ftpuser, create the directories etc, usr/bin and usr/lib.
In /etc/, create a passwd file with only the ftpuser entry, and do the same for the group file.
Under usr, copy the following command and libraries from their absolute paths:

usr/bin/ls

usr/lib/libcurses.1
usr/lib/libc.2
usr/lib/dld.sl
usr/lib/libdld.2
usr/lib/libnss_files.1


6. Add an ftpaccess file in /etc/ftpd

Here is an example:
---------------------------------------------
loginfails 2
#
noretrieve /etc/hosts /etc/group /etc/passwd /etc/resolv.conf /stand/system
#
class remote real,guest,anonymous *
limit remote 100 Any
defumask 002
guestgroup ftponly
# all the following default to "yes" for everybody
delete yes guest,anonymous,remote # delete permission?
overwrite yes guest,anonymous,remote # overwrite permission?
rename yes guest,anonymous,remote # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?
---------------------------------------------
7. Restart inetd with inetd -c

And your limited ftpuser is ready to work.
The root directory of ftpuser is /home/ftpuser
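
The settings this thread arrives at (a /usr/bin/false shell that is also listed in /etc/shells, a /./ marker in the home field, and a guestgroup line in ftpaccess) can be checked together with a short script. This is an added example, not part of any reply above; the function names, the shelluser account and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit one account against the FTP-only setup in this thread.
# check_ftponly USER PASSWD SHELLS GROUP FTPACCESS
# Prints one line per failed check; returns 0 only if all checks pass.
check_ftponly() {
    user=$1 passwd=$2 shells=$3 group=$4 ftpaccess=$5 rc=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    # The login shell must not give an interactive session.
    case $shell in
        /usr/bin/false|/bin/false) ;;
        *) echo "FAIL: shell '$shell' permits interactive login"; rc=1 ;;
    esac
    # Per the thread, FTP login fails unless the shell is listed in /etc/shells.
    grep -Fqx -- "$shell" "$shells" 2>/dev/null ||
        { echo "FAIL: '$shell' is not listed in the shells file"; rc=1; }
    # The /./ in the home field separates the chroot root from the start directory.
    case $home in
        */./*) ;;
        *) echo "FAIL: home '$home' has no /./ chroot marker"; rc=1 ;;
    esac
    # The primary group must be named on a guestgroup line in ftpaccess.
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group")
    awk -v g="$gname" '$1 == "guestgroup" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "$ftpaccess" ||
        { echo "FAIL: gid $gid is not a guestgroup in ftpaccess"; rc=1; }
    return $rc
}

# Constructed sample files (hypothetical accounts; not taken from a real host).
make_sample() {
    mkdir "$1" || return 1   # refuse to reuse an existing directory
    printf '%s\n' 'ftpuser:*:113:107:,,,:/home/ftpuser/./HOMEFTP:/usr/bin/false' \
        'shelluser:*:114:20:,,,:/home/shelluser:/usr/bin/sh' > "$1/passwd"
    printf '%s\n' /usr/bin/sh /usr/bin/false > "$1/shells"
    printf '%s\n' 'users::20:' 'ftponly::107:' > "$1/group"
    printf '%s\n' 'loginfails 2' 'guestgroup ftponly' > "$1/ftpaccess"
}

demo=${TMPDIR:-/tmp}/ftponly-demo.$$
make_sample "$demo" || exit 1
for u in ftpuser shelluser; do
    if check_ftponly "$u" "$demo/passwd" "$demo/shells" "$demo/group" "$demo/ftpaccess"
    then echo "OK: $u is FTP-only"; fi
done
rm -rf "$demo"
```

On a real host, pass /etc/passwd, /etc/shells, /etc/group and /etc/ftpd/ftpaccess as the four file arguments.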