Operating System - HP-UX

ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

 
Joe Profaizer
Super Advisor

Do I just insert /bin/false as the shell for the account for this to happen? We only want these accounts to have ftp access ONLY.

Thanks!!
Andrej Drobnic
New Member

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

Yes.
Don't forget to add "/bin/false" to /etc/shells or ftp access won't work.
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

That will allow your user to access FTP but nothing else. If you are running ftp on 11x then you can use /etc/ftpd/ftpaccess for even better control. Man ftpaccess for details.
If it ain't broke, I can fix that.
Joe Profaizer
Super Advisor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

What if /etc/shells doesn't exist? Should I just create it? Will that affect my other shell programs? Do I need to add the other shell programs to /etc/shells?
BFA6
Respected Contributor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

Hi,

If /etc/shells doesn't exist, you will need to create it and add into it any of the shells that use ftp, including /bin/false.

Regards,

Hilary
Ian Dennison_1
Honored Contributor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

If you really want to tighten security, use the ftpaccess file and switch on its utilisation in /etc/inetd.conf.

A user in ftp can still cause damage to the system by downloading, modifying and uploading files.

But you never heard that from me.

Share and Enjoy! Ian Dennison
Building a dumber user
Michael Elleby III_1
Trusted Contributor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

Hello-

I guess I would be quick to say yes, but in addition to giving the user a bogus shell, is it also your intention to keep the user in a certain directory (chroot jail) and not be able to move around in filesystems on your server?

Mike Elleby
Knowledge Is Power
Shannon Petry
Honored Contributor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

Once you create the /etc/shells file, make sure to put all your valid shells for "connections" inside or you will have other problems.
I.E. my /etc/shells looks like this...
/sbin/sh
/bin/sh
/usr/bin/sh
/bin/csh
/usr/bin/csh
/bin/ksh
/usr/bin/ksh
/usr/bin/false

Note: IBM and Solaris make IDs with shells in /bin, and not like HP in /usr/bin. Adding these shells by default makes for fewer problems/debugging later in a mixed environment.

Regards,
Shannon
Microsoft. When do you want a virus today?
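Added example (not part of any post in this thread): a POSIX sh audit that compares each account's passwd shell with the entries of a shells file, to show which accounts end up ftp-only, which keep an interactive login, and which would be refused by ftp. It assumes ftpd matches the shell field against the file as an exact string; the function names, verdict labels, accounts and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: ftpd accepts a login only
# when the passwd shell field equals a line of the shells file exactly.

# audit_ftp_shells PASSWD_FILE SHELLS_FILE
# Prints "user shell verdict" for every account:
#   ftp+login     shell is listed and is a real shell
#   ftp-only      shell is listed and ends in /false (no interactive login)
#   ftp-denied    shell is set but has no exact match in the shells file
#   no-shell-set  passwd shell field is empty; review by hand
audit_ftp_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the shells list, skipping blank lines and # comments.
            while ((getline line < shells) > 0) {
                sub(/[ \t\r]+$/, "", line)
                if (line != "" && line !~ /^#/) listed[line] = 1
            }
        }
        /^#/ || NF < 7 { next }    # ignore comments and malformed entries
        {
            if ($7 == "")             verdict = "no-shell-set"
            else if (!($7 in listed)) verdict = "ftp-denied"
            else if ($7 ~ /\/false$/) verdict = "ftp-only"
            else                      verdict = "ftp+login"
            print $1, ($7 == "" ? "-" : $7), verdict
        }
    ' "$1"
}

# Constructed sample data: a shells file with a trailing-slash entry and only
# the /usr/bin spelling of false, plus four hypothetical accounts.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' /sbin/sh /usr/bin/ksh /bin/ksh/ \
        /usr/bin/false > "$dir/shells"
    printf '%s\n' \
        'alice:*:201:20::/home/alice:/usr/bin/ksh' \
        'bob:*:202:20::/home/bob:/bin/ksh' \
        'ftpin:*:203:20::/home/ftpin:/usr/bin/false' \
        'ftpout:*:204:20::/home/ftpout:/bin/false' > "$dir/passwd"
    audit_ftp_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo_audit
```

On a real host, call `audit_ftp_shells /etc/passwd /etc/shells` after editing either file; any `ftp-denied` line for an account that is meant to transfer files points at a path spelling that differs between the two files.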
Joe Profaizer
Super Advisor

Re: ftp account only needs ftp access -- No interactive login. Do I just use /bin/false as the shell?

Thanks to all. Issue resolved.