FTP Unable To Connect With Restricted Account

[gharabed]

I am trying to set up an "ftp only" account where the user cannot login via telnet. I created the user using admintool and gave it a shell of "/bin/false" and then gave it a password (of course I have a home directory set, etc).

However, when I try to ftp to the machine/user I get "530 Login Incorrect". I even tried setting the account to "no password" and I still get the error. Is there someplace I have to say "...let this user ftp into this machine?"

Thanks,
Greg

 

[gharabed]

UPDATE...I changed the shell to be /bin/csh and what do you know. I can FTP in now. However, I can also Telnet in. How do I restrict telnet access but allow ftp access?

 

[packageman]

Have an entry in /etc/shells?

 

[lsherwood]

To remove telnet server capabilites, you should comment out the "telnet" lines in /etc/services and /etc/inet/inetd.conf. For these changes to take effect, you would to a "kill -HUP ..." on inetd.

Larry

 

[gharabed]

No, I still want to be able to telnet to the machine, I just don't want the "ftponly" account that I created to be able to telnet into the machine...only ftp. I don't want to remove all telnet capabilities from the machine. Only for one particular user.

 

[gharabed]

Isn't /etc/shells a WU-FTPD specific thing or is it a Solaris ftp thing too? I din't see any file called /etc/shells.

 

[gharabed]

Oh, so wu-ftp is an alternative to the standard ftpd? We are running ftpd. Am I unable to do an "ftp" only account with ftpd? Do I have to use wu-ftp?

 

[gharabed]

Ok...I further researched this myself and found the answer for anybody that cares. Basically all you need to do is create a file called /etc/shells that contains all of the shells you want to be able to run. In my case the file looks like:

/bin/csh
/bin/sh
/bin/ksh
/bin/tcsh
/bin/false

That's it. Now, I can ftp in to the machine but cannot telnet in. Perfect! Just what I wanted.