Security Issues

[brettr1234]

I have 2 questions, How can i restrict a user to their home directory. I know about rbash but i dont particulary like it. Any other ways?

2. How can i disable a user from logging in over SSH but not over FTP

Thanks,
Brett

 

[sleipnir214]

The second one is easy. Set their default login to "/dev/null".

The first one is kinda tough. How much do you want the user to be able to do?

 

[brettr1234]

For first one I want the user to be able to do pretty much everythiong he can normaly do except i dont want him to be able to leave his home directory. As for the /dev/null I have edited the /etc/passwd file and set it to /dev/null but the user cant login to the FTP

 

[sleipnir214]

Oops, Sorry about that. I tested my answer before I posted. Created a user "foo" with password "bar" and set default shell to "/dev/null"

I'm using proFTPd as my FTP server, and I have SQL athentication turned on. Want to guess what leftover userid/password I had in my database?

 

[sleipnir214]

Waitaminnit. I just realized that my configuration can be one solution.

 

[brettr1234]

I am also using proftpd as my ftp server dont think i have SQL authentication, what is that?

 

[sleipnir214]

Rather than proFTPd authenticating against /etc/passwd, it authenticates users against data stored in a MySQL database table.

Support for mod_sql comes with proFTPd, but is not compiled in by default.

 

[brettr1234]

I am using the debian version of proftpd, i suppose i will have to downlaod and compile proftpd. Will the passwords in the database use MD5 encryption?

 

[fluid11]

Set the users shell in /etc/passwd to /bin/false and edit the /etc/shells file to include /bin/false. This will disallow SSH logins (as well as all other logins), but they will still be able to connect to the FTP server.

foobar:x:518:519::/home/foobar:/bin/false

ChrisP ---------------------------------------
If someone's post was helpful to you, please click the box "Click here to mark this post as a helpful or expert post".