Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

/bin/false not working for FTP only user...

Status
Not open for further replies.
Technobie

Technobie

MIS
Oct 13, 2003
18
US
Hi all,

Ok - I'm pulling my hair out now. I've searched through this forum and read the questions/answers on how to restrict FTP users to FTP only (no ssh/telnet). So far, I have added /bin/false, /sbin/nologin, created this script: /bin/ftponly
#!bin/sh
/usr/bin/ftp

No werky! But, as soon as I add /bin/bash back as the shell, bingo! I can log on. This specific server is Red Hat 7 w/vsftp, I'm using FileZilla, connecting using SFTP.

Any ideas??

Thanks!

Chris

Chris Driver
//UNIX like TeePee. No Windows, No Gates, Apache inside.\\ :D
 
Sort by date Sort by votes
When you set your FTP-only user's login to, for example, /bin/false, that user can't login by FTP?

Does your FTP server's configuration require that a user have a valid login shell? If so, setting the user's login shell to /bin/false will also lock him out of FTP.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
>>When you set your FTP-only user's login to, for example, /bin/false, that user can't login by FTP?<<

Yes. My /etc/shells file has /bin/false as well as /sbin/nologin.

Chris
 
Upvote 0 Downvote
VSFTP doesn't support encryption of any kind. It's only called "very secure" for the way it integrates into the PAM module in Redhat and it's file permissions / structure.

Sounds like what you're trying to do is use the secure ftp functionality of the SSH server...which is why you need to have a real shell for your user to make it work.

When you do a SFTP from FileZilla, it defaults to port 22...which is SSH (or in this case, SSH's secure ftp server)...not FTP.
 
Upvote 0 Downvote

Hi

From you post it looks like you're trying to add a user and only allow them to transfer files.

First: you want to use SFTP to do this. This should already be installed on your linux machine. The sftp-server is in /usr/libexec/sftp-server if you are on a redhatish machine.

So, here's the steps to accomplish what you need:

1) Add /usr/libexec/sftp-server to your /etc/shells
2) Change the restricted users' shells in /etc/passwd to /usr/libexec/sftp-server

That should do it.
 
Upvote 0 Downvote
sftp-server is a subset of openssh. You will still have to have an actual shell configured for your account (other than /bin/false or /sbin/nologin) to use sftp-server.
 
Upvote 0 Downvote
bwilliams said:
sftp-server is a subset of openssh. You will still have to have an actual shell configured for your account (other than /bin/false or /sbin/nologin) to use sftp-server.



You probably didn't read my post very carefully.

In /etc/passwd, set sftp-server as the user's SHELL
Yes, this _does_ work. And, yes, they won't be able to login anymore, but they WILL be able to login/transfer files using SFTP. sftp-server _also_ needs to be listed in the /etc/shells file for the system to accept it as a valid user shell.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
How Do I Start/Stop Systemd Services as a non-root User?
Replies
2
Views
410
gbaughma
gbaughma
Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
140
Krus1972
Krus1972
hobbytech
  • Locked
  • Question
Internet not connecting
Replies
5
Views
165
Stephen_Hawk
Stephen_Hawk
krabban
  • Locked
  • Question
Dirvish for backup
Replies
0
Views
138
krabban
krabban
msk69
  • Locked
  • Question
Format Conversion query
Replies
6
Views
160
MBTC
MBTC

Part and Inventory Search

Sponsor

Back
Top