restrict login?

[inetd]

How can I disable an account to login the server except ftp serivce? I am using proftpd.

What is the difference between setting the login shell to /bin/false and /sbin/nologin?


Thanks.

 

[eepico]

Both /bin/false and /sbin/nologin are the shells used by some machine accounts which they will never logon to the server.

To only allow user to use ftp service/command, you can simply write a shell script and put the ftp command inside it, like:
--------------
#!bin/sh
/usr/bin/ftp
--------------
and save it as e.g. /bin/ftponly. Then run #usermod -s /bin/ftponly <username> as root to change the user's login shell. After that when the user login, he/she can only run ftp and no more.

Hope this help you.

 

[inetd]

Thanks eepico,

However I need to disable someone logging in to the server through telnet / ssh but allow him to ftp to the server.

How can I do that?

Thanks.

 

[ianicr]

As eepice says running the usermod with a -s command sets the default shell. If the default shell is set to /bin/false this will disable telnet/ssh logins. You can then set up to allow different users in the anonymous section of proftpd.conf. Hope this helps

 

[LimJim]

Hi Inetd,

I recently also require to configure a user that only allow ftp only not not login.

To do this, I created an user account with password as usual. Following, that, you will require to change the user shell to /sbin/nologin.

Command: chsh -s /sbin/nologin ftpres
Where ftpres is the ftp user name.

By doing so, user ftpres will not be allowed to perform any form of login. However, it could perform ftp but only at it own HOME directory only. It will not be allow to traverse to it parent directory. Just to share and hope it helps.