Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through ssh,
> some through ftpd, and some through samba. How can I turn off user
> access through ssh, but keep their account, and allow them access
> through ftp? Can I allow users access to shares through samba, and
> allow them to ftp in, but not ssh or telnet?
i'm not sure what you're options are for samba as i haven't used it for a
long time ...
for ssh you have two ways. give them a shell which is useless (/bin/false
or /bin/true or make your own, eg. /usr/local/bin/nossh). then when they
log in they will be immediately logged out again. the other option is to
use the "AllowGroups" option in the sshd_config file. create a group called
ssh, and add it to the AllowGroups option and then only people in the ssh
group will be able to log in.
for ftp pretty much the only way to do this is via their shell. ftp will
only allow people to login whose shell is listed in /etc/shells. give users
you don't want to have ftp access a shell like /bin/false or
/usr/local/bin/noftp and make sure that shell never gets added to
/etc/shells. more advanced ftp daemons like proftpd or ncftpd may have
other options allowing you to do this via groups like ssh but i've never
investigated it.
adam.
Reply to: