System Administration

how to create one user account which only can ftp and cannot telnet

SOLVED
Eric Unix
Frequent Advisor

how to create one user account which only can ftp and cannot telnet

BR
eric
Look forward
19 REPLIES
Suraj K Sankari
Honored Contributor
Solution

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Just edit the last field of that user's entry in the /etc/passwd file

example
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh

make it
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/false

Now smith can't log in via telnet or ssh.

Suraj
Ganesan R
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Normally the user's shell defines where the user goes upon login. If you specify a null shell (/usr/bin/false), then that user cannot get any shell.

When you create a user, specify a null shell.

#useradd -s /usr/bin/false username
Best wishes,

Ganesh.
Eric Unix
Frequent Advisor

Re: how to create one user account which only can ftp and cannot telnet

Hello Sirs

Thanks for your kind inputs, but I cannot ftp or sftp now after changing ":/usr/bin/sh" to ":/usr/bin/false".

The error shows up -->
Fatal : unable to initialise SFTP : could not connect

Please help me

BR
eric
Look forward
Taifur
Respected Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric & Unix,

You can do it from sam and give the user permission for ftp and deny permission for telnet.


Rgds//
Taifur
Dennis Handly
Acclaimed Contributor

Re: how to create one user account which only can ftp and cannot telnet

>I cannot ftp or sftp now after change to /usr/bin/false.

You'll probably have to include that in /etc/shells.
Eric Unix
Frequent Advisor

Re: how to create one user account which only can ftp and cannot telnet

Hello Dears

Which function in sam? Would you kindly give the path in sam? Thanks a lot.

BR
eric
Look forward
Eric Unix
Frequent Advisor

Re: how to create one user account which only can ftp and cannot telnet

Hello Daniel

How to "You'll probably have to include that in /etc/shells" .

Thanks a lot
Look forward
Suraj K Sankari
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi,

You can modify the file /etc/shells: if /usr/bin/false is not there, open the file and add the line /usr/bin/false,
save the file and try...

Suraj
Suraj K Sankari
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Dennis Handly
Acclaimed Contributor

Re: how to create one user account which only can ftp and cannot telnet

>How to "include that in /etc/shells".

Just use vi on that file and add that line. If not there, you'll need to add the default shells:
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

You may want to leave out those r* shells. (And the scummy C shell, just to discourage its use. ;-)
Ganesan R
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric,

The steps are a little different for sftp. If you are using sftp, use the shell /opt/ssh/utils/sftponly instead of /usr/bin/false.

The entry in the password file should look like this:

user1:x:149:20:SFTP only user:/home/user1:/opt/ssh/utils/sftponly
Best wishes,

Ganesh.
James R. Ferguson
Acclaimed Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi:

> How to "You'll probably have to include that in /etc/shells" .

You might be amazed how questions like this can be answered by querying the manpages.

# man shells

...offers the principal insight, and following its "see also" references:

# man man getusershell

...tells you even more!

Regards!

...JRF...
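
The behaviour the replies above arrive at (ftp accepts only accounts whose shell is listed in /etc/shells, while /usr/bin/false gives telnet no session), as an added shell example that is not part of any poster's reply. The function names, verdict labels and sample entries are constructed for illustration, and treating an empty shell field as /usr/bin/sh is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies accounts by login shell:
# ftp needs the shell to be listed in /etc/shells, and /usr/bin/false
# gives telnet/ssh no interactive session.
NOLOGIN=/usr/bin/false
# Default list quoted in the thread, used when the shells file is absent.
DEFAULTS="/sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh"

valid_shells() {    # $1 = shells file; prints one accepted shell per line
    if [ -r "$1" ]; then
        sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
    else
        printf '%s\n' $DEFAULTS
    fi
}

audit_ftp_only() {  # $1 = passwd file, $2 = shells file; prints "user verdict"
    allowed=$(valid_shells "$2")
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        [ -n "$user" ] || continue
        # Assumption: an empty shell field means /usr/bin/sh.
        [ -n "$shell" ] || shell=/usr/bin/sh
        if printf '%s\n' "$allowed" | grep -qxF -- "$shell"; then
            if [ "$shell" = "$NOLOGIN" ]; then verdict=ftp-only
            else verdict=ftp-and-login; fi
        else
            # Shell not listed: ftp refuses the account.
            if [ "$shell" = "$NOLOGIN" ]; then verdict=locked-out
            else verdict=login-only; fi
        fi
        printf '%s %s\n' "$user" "$verdict"
    done < "$1"
}

demo() {            # constructed sample data, written to a temp directory
    d=$(mktemp -d) || return 1
    printf '%s\n' 'smith:*:100:100:8A-74(office):/home/smith:/usr/bin/false' \
                  'jones:*:101:100::/home/jones:/usr/bin/ksh' \
                  'guest:*:102:100::/home/guest:/usr/local/bin/menu' > "$d/passwd"
    printf '%s\n' '# constructed /etc/shells' /sbin/sh /usr/bin/sh /usr/bin/ksh > "$d/shells"
    echo "before adding $NOLOGIN:"; audit_ftp_only "$d/passwd" "$d/shells"
    echo "$NOLOGIN" >> "$d/shells"
    echo "after adding $NOLOGIN:";  audit_ftp_only "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo
```

On a real system the call would be `audit_ftp_only /etc/passwd /etc/shells`; a `locked-out` account is the state the original poster hit after the shell change.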
Eric Unix
Frequent Advisor

Re: how to create one user account which only can ftp and cannot telnet

Hello ALL

Thanks for all of your help, and it works now. But if I want to use sftp, I found there is no " opt/ssh/utils/sftponly " in my current system. How to make it available?

BR
thanks a lot.

ERIC
Look forward
James R. Ferguson
Acclaimed Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi (again):

> I found there are no " opt/ssh/utils/sftponly " in my current system. How to make it available ?

If you have Secure SHell installed you should have this:

# swlist|grep -i "secure shell"
T1471AA A.05.10.006 HP-UX Secure Shell

If you need this, then see:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

Regards!

...JRF...
UVK
Trusted Contributor

Re: how to create one user account which only can ftp and cannot telnet

#touch /opt/ssh/utils/sftponly

and add those users to whom you want to give sftp access to that file

-uvk
-------------------------------------------
Like it or worked !! Click kudos !!
Eric Unix
Frequent Advisor

Re: how to create one user account which only can ftp and cannot telnet

Hello All

After adding "/opt/ssh/utils/sftponly" in the passwd file and touching the /opt/ssh/utils/sftponly file,

an "access denied" error shows up after keying in the password in the sftp tool.

Please kindly help me.

BR
eric
Look forward
avizen9
Esteemed Contributor

Re: how to create one user account which only can ftp and cannot telnet

Suraj K Sankari
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Are you able to ssh into the box? If yes, then check the permissions of the file which you created now. What are the permissions now?

Check this also: is there any # (hash) mark there in the file /etc/ssh/sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server

Suraj
Ganesan R
Honored Contributor

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric,

Just touching the file is not enough.

#swlist |grep -i secure
T1471AA A.04.50.009 HP-UX Secure Shell

It should list like above. If not, I would advise you to download and install HP Secure Shell from here:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

That will create all the necessary files for you.
Best wishes,

Ganesh.