
Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'

Quoth Percival, 
> I want to have easy freedom in limiting user access.  I have killed
> telnetd, and only sshd.  I want to allow some users access through
> ssh, some through ftpd, and some through samba.  How can I turn off
> user access through ssh, but keep their account, and allow them access
> through ftp?  Can I allow users access to shares through samba, and
> allow them to ftp in, but not ssh or telnet?

This doesn't really address the issue of keeping communications secure,
and isn't an answer to all of your problems, but...

One way you can disallow SSH but allow FTP for a user is to change their
login shell to something like /bin/false, and set /bin/false as a valid
login shell in /etc/shells. This will allow them to SSH in, but won't
actually let them have an interactive shell (i.e., they'll be bounced
back out as soon as they have authenticated). Most FTP clients will only
allow FTP logins if the user has a valid shell listed in /etc/shells, so
FTP will still let them in if /bin/false is in /etc/shells.

As for Samba, I'm not so sure. I seem to recall there is something in
the way of setting allowed users, but don't know the details off the
top of my head. One way, if they are coming from predictable IPs, is to
just put their IP in smb.conf's `allow hosts' line.




Damon Muller (dm-sig6@empire.net.au) /  It's not a sense of humor.
* Criminologist                     /  It's a sense of irony
* Webmeister                       /  disguised as one.
* Linux Geek                      /     - Bruce Sterling 

- Running Debian GNU/Linux: Doing my bit for World Domination (tm) -
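
An audit of the arrangement described in the message above, as an added example that is not part of the original post: it classifies each account by whether its login shell is listed in /etc/shells and whether that shell is a non-interactive stub. The function name, the stub-shell list and the sample data are assumptions, and it assumes the FTP daemon honours /etc/shells as the post describes.

```shell
#!/bin/sh
# classify_accounts PASSWD_FILE SHELLS_FILE   (hypothetical helper name)
# Prints "user<TAB>class" for every account, where class is:
#   ftp-only     shell is a non-interactive stub AND listed in SHELLS_FILE
#   no-ftp       shell is not listed in SHELLS_FILE (FTP login refused)
#   interactive  shell is listed and is a real shell
classify_accounts() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the valid shells, skipping comments and blank lines.
            while ((getline line < shells) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                valid[line] = 1
            }
            # Shells treated as "no interactive login" (assumed list).
            stub["/bin/false"] = 1
            stub["/sbin/nologin"] = 1
            stub["/usr/sbin/nologin"] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            sh = $7
            if (sh == "") sh = "/bin/sh"   # empty field defaults to /bin/sh
            if (!(sh in valid))  class = "no-ftp"
            else if (sh in stub) class = "ftp-only"
            else                 class = "interactive"
            printf "%s\t%s\n", $1, class
        }
    ' "$1"
}

# Constructed sample data, not taken from any real system.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash /bin/false \
        > "$tmp/shells"
    printf '%s\n' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/false' \
        'carol:x:1002:1002::/home/carol:/usr/sbin/nologin' \
        > "$tmp/passwd"
    classify_accounts "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo
```

On a live system, run `classify_accounts /etc/passwd /etc/shells`. Accounts reported as ftp-only still authenticate to sshd, so keeping them out of SSH entirely takes sshd_config directives such as DenyUsers or AllowUsers.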
