
denying shell script while allowing ftp


familyman

9:02 pm on Feb 3, 2004 (gmt 0)

10+ Year Member



I need to deny shell script to a user, but allow ftp. I haven't been successful yet. If I go into /etc/passwd and set the user's shell to /bin/false, the user can't get in through ssh, but can't log in through ftp either. If I set the shell to /bin/bash, they can log in through either.

Thank you so much for the help (You guys are more help than the tech support from my ISP!)

-Phil

martin

10:39 am on Feb 4, 2004 (gmt 0)

10+ Year Member



Maybe your ftp server is set to check the user's shell for some reason and won't let them in. You'd better check its config.

PS. If you allow port forwarding with ssh, users whose shell is /bin/false will still be able to do port forwarding. Just wanted to let you know that, as I thought they wouldn't be able to.

SeanW

2:20 am on Feb 5, 2004 (gmt 0)

10+ Year Member



FTP daemons usually consult /etc/shells or something similar to make sure the user has an approved shell. As the poster above noted, /bin/false probably isn't in that list.

Before you go adding /bin/false to the list, though, I suggest you make a copy of /bin/false called "/bin/ftponly" instead. Put that in /etc/shells, and assign it to the FTP only users. That way you know who your FTP users are, and can still use /bin/false to deny ftp and shell.

Sean
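The check Sean describes can be audited before and after the change. The script below is an added example, not part of the original thread: it reads a passwd-format file and an /etc/shells-format file and reports which accounts have a listed shell, using the /bin/ftponly name from the post. The function names and the sample accounts are constructed for illustration, and it assumes the FTP daemon accepts a login only when the account's shell appears in the shells list.

```sh
#!/bin/sh
# audit_shells PASSWD_FILE SHELLS_FILE
# Prints "user shell listed|unlisted" for every account in PASSWD_FILE.
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the approved shells, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") ok[line] = 1
            }
        }
        /^#/ || NF < 7 { next }    # skip comments and malformed entries
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # passwd(5): empty means /bin/sh
            print $1, shell, ((shell in ok) ? "listed" : "unlisted")
        }
    ' "$1"
}

# ftp_only_users PASSWD_FILE SHELLS_FILE [MARKER_SHELL]
# Accounts assigned the marker shell, provided the marker is itself listed.
ftp_only_users() {
    audit_shells "$1" "$2" |
        awk -v m="${3:-/bin/ftponly}" '$2 == m && $3 == "listed" { print $1 }'
}

# Constructed sample data (not real accounts), written into directory $1.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
phil:x:1000:1000:Phil:/home/phil:/bin/bash
upload:x:1001:1001:FTP only:/home/upload:/bin/ftponly
locked:x:1002:1002:No access:/home/locked:/bin/false
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/bash
/bin/ftponly
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_shells "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```

On a live system, call `audit_shells /etc/passwd /etc/shells` to see every account, and `ftp_only_users /etc/passwd /etc/shells` to list the accounts assigned the marker shell.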