Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
You can tell proftpd to allow logins without a valid shell. It can also
set a default root directory for users so they can't see anything above
that point.
Ernest Johanson
Web Systems Administrator
Fuller Theological Seminary
On Sat, 25 Mar 2000, Adam Shand wrote:
> Date: Sat, 25 Mar 2000 17:51:06 -0900 (AKST)
> From: Adam Shand <larry@alaska.net>
> To: Damon Muller <dm-debian-user@empire.net.au>
> Cc: debian-user@lists.debian.org, recipient list not shown: ;
> Subject: Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
>
> > I want to have easy freedom in limiting user access. I have killed
> > telnetd, and only sshd. I want to allow some users access through ssh,
> > some through ftpd, and some through samba. How can I turn off user
> > access through ssh, but keep their account, and allow them access
> > through ftp? Can I allow users access to shares through samba, and
> > allow them to ftp in, but not ssh or telnet?
>
> i'm not sure what your options are for samba as i haven't used it for a
> long time ...
>
> for ssh you have two ways. give them a shell which is useless (/bin/false
> or /bin/true or make your own, eg. /usr/local/bin/nossh). then when they
> log in they will be immediately logged out again. the other option is to
> use the "AllowGroups" option in the sshd_config file. create a group called
> ssh, and add it to the AllowGroups option and then only people in the ssh
> group will be able to log in.
>
> for ftp pretty much the only way to do this is via their shell. ftp will
> only allow people to login whose shell is listed in /etc/shells. give users
> you don't want to have ftp access a shell like /bin/false or
> /usr/local/bin/noftp and make sure that shell never gets added to
> /etc/shells. more advanced ftp daemons like proftpd or ncftpd may have
> other options allowing you to do this via groups like ssh but i've never
> investigated it.
>
> adam.
>
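
The rules discussed in this thread (sshd's AllowGroups, a useless login shell, and ftpd's /etc/shells check) can be audited together per account. The script below is an added example, not code from any poster in the thread. Its function names and sample accounts are hypothetical, and it treats AllowGroups entries only as plain names or * and ? wildcards.

```python
from fnmatch import fnmatchcase

# Shells that exit at once; the /usr/local/bin names are the thread's examples.
DUMMY_SHELLS = {"/bin/false", "/bin/true",
                "/usr/local/bin/nossh", "/usr/local/bin/noftp"}

def _lines(text):
    """Non-blank lines that are not whole-line comments."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def allow_groups(sshd_config):
    """AllowGroups patterns from sshd_config (keyword is case-insensitive)."""
    return [p for ln in _lines(sshd_config)
            if ln.split()[0].lower() == "allowgroups" for p in ln.split()[1:]]

def user_groups(user, gid, group):
    """Names of the user's primary and supplementary groups."""
    rows = [ln.split(":") for ln in _lines(group)]
    return {r[0] for r in rows if r[2] == gid or user in r[3].split(",")}

def service_access(passwd, shells, group, sshd_config):
    """Map each account to its ssh and ftp outcome under the thread's rules."""
    valid, pats, report = set(_lines(shells)), allow_groups(sshd_config), {}
    for user, _pw, _uid, gid, _gecos, _home, shell in (
            ln.split(":") for ln in _lines(passwd)):
        groups = user_groups(user, gid, group)
        if pats and not any(fnmatchcase(g, p) for g in groups for p in pats):
            ssh = "denied"       # rejected by AllowGroups
        elif shell in DUMMY_SHELLS:
            ssh = "no-shell"     # authenticates, then is logged out at once
        else:
            ssh = "shell"
        # Classic ftpd rule from the thread: shell must be in /etc/shells.
        report[user] = {"ssh": ssh, "ftp": shell in valid}
    return report

# Constructed sample files (not from the thread).
PASSWD = """alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/local/bin/nossh
carol:x:1003:1003::/home/carol:/bin/false
dave:x:1004:1004::/home/dave:/bin/bash"""
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n/usr/local/bin/nossh"
GROUP = "ssh:x:200:alice,carol\nalice:x:1001:\nbob:x:1002:\ncarol:x:1003:\ndave:x:1004:"
SSHD = "Port 22\nAllowGroups ssh"

if __name__ == "__main__":
    for user, acc in service_access(PASSWD, SHELLS, GROUP, SSHD).items():
        print(user, acc)
```

The ftp column models only the /etc/shells rule; a proftpd server configured with RequireValidShell off does not apply it.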