HPE Community
Operating System - HP-UX
1825803 Members
2700 Online
109687 Solutions
New Discussion

how to create one user account which only can ftp and cannot telnet

 
SOLVED
Go to solution
Eric Unix
Frequent Advisor

‎04-16-2009 01:01 AM

‎04-16-2009 01:01 AM

how to create one user account which only can ftp and cannot telnet

how to create one user account which only can ftp and cannot telnet

BR
eric
Look forward
0 Kudos
Reply
19 REPLIES 19
Suraj K Sankari
Honored Contributor

‎04-16-2009 01:08 AM

‎04-16-2009 01:08 AM

Solution

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Just edit the last field of that users entry at /etc/passwd file

example
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh

make it
smith:*:100:100:8A-74(office):/home/smith:/usr/bin/false

now smith can't login via telnet or ssh.

Suraj
Reply
Ganesan R
Honored Contributor

‎04-16-2009 01:14 AM

‎04-16-2009 01:14 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Normally user shell is defining where the user should go upon login. If you specify null shell (/usr/bin/false), then that user cannot get any shell.

When you create a user specify null shell.

#useradd -s /usr/bin/false username
Best wishes,

Ganesh.
Reply
Eric Unix
Frequent Advisor

‎04-16-2009 01:36 AM

‎04-16-2009 01:36 AM

Re: how to create one user account which only can ftp and cannot telnet

Hello Sirs

Thanks for your kind inputs, but i cannot ftp or fstp now after change " :/usr/bin/sh " to " :/usr/bin/false " .

The error show up -->
Fatal : unable to initialise SFTP : could not connect

Please help me

BR
eric
Look forward
0 Kudos
Reply
Taifur
Respected Contributor

‎04-16-2009 01:43 AM

‎04-16-2009 01:43 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric & Unix,

You can do it from sam and give the user permission for ftp and deiny perpermission for telnet.


Rgds//
Taifur
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎04-16-2009 01:56 AM

‎04-16-2009 01:56 AM

Re: how to create one user account which only can ftp and cannot telnet

>I cannot ftp or fstp now after change to /usr/bin/false.

You'll probably have to include that in /etc/shells.
Reply
Eric Unix
Frequent Advisor

‎04-16-2009 02:05 AM

‎04-16-2009 02:05 AM

Re: how to create one user account which only can ftp and cannot telnet

Hello Dears

Which function in sam , wouldy you kindly give the path of sam . Thanks a lot.

BR
eric
Look forward
0 Kudos
Reply
Eric Unix
Frequent Advisor

‎04-16-2009 02:16 AM

‎04-16-2009 02:16 AM

Re: how to create one user account which only can ftp and cannot telnet

Hello Daniel

How to "You'll probably have to include that in /etc/shells" .

Thanks a lot
Look forward
0 Kudos
Reply
Suraj K Sankari
Honored Contributor

‎04-16-2009 02:23 AM

‎04-16-2009 02:23 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi,

You can modify this file /etc/shells if /usr/bin/false is not there then open this file and add this line /usr/bin/false
save the file and try...

Suraj
Reply
Suraj K Sankari
Honored Contributor

‎04-16-2009 02:24 AM

‎04-16-2009 02:24 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi again,

find similar thread in below link.
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1239877142211+28353475&threadId=957193

Suraj
Reply
Dennis Handly
Acclaimed Contributor

‎04-16-2009 02:30 AM

‎04-16-2009 02:30 AM

Re: how to create one user account which only can ftp and cannot telnet

>How to "include that in /etc/shells".

Just use vi on that file and add that line. If not there, you'll need to add the default shells:
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

You may want to leave out those r* shells. (And the scummy C shell, just to discourage it's use. ;-)
Reply
Ganesan R
Honored Contributor

‎04-16-2009 03:34 AM

‎04-16-2009 03:34 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric,

Steps are little different for sftp. If you are using sftp use the shell opt/ssh/utils/sftponly instead of /usr/bin/false.

entry in password file should look like this..

user1:x:149:20:SFTP only user:/home/user1:/opt/ssh/utils/sftponly
Best wishes,

Ganesh.
Reply
James R. Ferguson
Acclaimed Contributor

‎04-16-2009 04:14 AM

‎04-16-2009 04:14 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi:

> How to "You'll probably have to include that in /etc/shells" .

You might be amazed how questions like this can be answer by querying the manpages.

# man shells

...offers the principal insight, and following its "see also" references:

# man man getusershell

...tells you even more!

Regards!

...JRF...
Reply
Eric Unix
Frequent Advisor

‎04-16-2009 08:26 AM

‎04-16-2009 08:26 AM

Re: how to create one user account which only can ftp and cannot telnet

Hello ALL

Thanks for all of your help, and it work now . But if i want to user sftp. I found there are no " opt/ssh/utils/sftponly " in my current system. How to make it available ?

BR
thanks a lot.

ERIC
Look forward
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-16-2009 08:40 AM

‎04-16-2009 08:40 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi (again):

> I found there are no " opt/ssh/utils/sftponly " in my current system. How to make it available ?

If you have Secure SHell installed you should have this:

# swlist|grep -i "secure shell"
T1471AA A.05.10.006 HP-UX Secure Shell

If you need this, then see:

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

Regards!

...JRF...
Reply
UVK
Trusted Contributor

‎04-16-2009 08:47 AM

‎04-16-2009 08:47 AM

Re: how to create one user account which only can ftp and cannot telnet

#touch /opt/ssh/utils/sftponly

and add those users to whom u want to give sftp access to that file

-uvk
-------------------------------------------
Like it or worked !! Click kudos !!
Reply
Eric Unix
Frequent Advisor

‎04-16-2009 06:04 PM

‎04-16-2009 06:04 PM

Re: how to create one user account which only can ftp and cannot telnet

Hello All

After add "/opt/ssh/utils/sftponly" in passwd file and touch /opt/ssh/utils/sftponly file

But show up error " access denied " after key in password in sftp tool

Please kidnly help me .

BR
eric
Look forward
0 Kudos
Reply
avizen9
Esteemed Contributor

‎04-16-2009 07:02 PM

‎04-16-2009 07:02 PM

Re: how to create one user account which only can ftp and cannot telnet

please go through this doc

http://docs.hp.com/en/B2355-90685/ch02s07.html
Reply
Suraj K Sankari
Honored Contributor

‎04-16-2009 09:04 PM

‎04-16-2009 09:04 PM

Re: how to create one user account which only can ftp and cannot telnet

Hi,

Are you able to do ssh into the box, if yes then check the file permission which you create now, what is the permission now?

check this also is there any # (hash) mark there in file /etc/ssh/sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server

Suraj
Reply
Ganesan R
Honored Contributor

‎04-17-2009 01:32 AM

‎04-17-2009 01:32 AM

Re: how to create one user account which only can ftp and cannot telnet

Hi Eric,

Just touch the file is not enough.

#swlist |grep -i secure
T1471AA A.04.50.009 HP-UX Secure Shell

It should list like above. If not I would advice you to download and install HP secure shell from here..

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

That will create all the necessary files for you.
Best wishes,

Ganesh.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.