bloemkool1980
asked on
restrict users to login and ftp
Hi guru's
I would like to know how I could achieve that users have no telnet or ssh access but still can use the ftp service for example.
And they should be able to do an su to the users that have no direct login access such as telnet or ssh.
Thankie
I would like to know how I could achieve that users have no telnet or ssh access but still can use the ftp service for example.
And they should be able to do an su to the users that have no direct login access such as telnet or ssh.
Thankie
ASKER
Ok now the second part of the question is can I with this setup still do an su to this user ?
I need a user xapp to have ftp access but not a shell login.
Though when I start this application I would like to be able to do an su xapp.
I need a user xapp to have ftp access but not a shell login.
Though when I start this application I would like to be able to do an su xapp.
Just add a bit more infor. A normal user can su as a ftp-only-user (but can not do
"su - ftp_only_user". The ftp_only_user can't do su because he/she have no login
shell, hope the infor can help.
"su - ftp_only_user". The ftp_only_user can't do su because he/she have no login
shell, hope the infor can help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
indeed it helps but then I am back were I was. Maybe I am asking something which is impossible.
the xapp user should have a shell but not be possible to directly have a login on telnet or sshd.
the xapp user should have a shell but not be possible to directly have a login on telnet or sshd.
The users original question was never answered. The answer to the question is the following:
This can be accomplished using sudo:
1. Lock the app user password by placing *LK* in the shadow file where the encrypted password would be or by changing it to a new password and not distributing it.
2. Set up something similar to the following in your “sudoers” file:
THISHOST=yourhostname
User_Alias APPADMIN=user1,user2,etc
CmdAlias APPLOGIN=/usr/bin/su – appuser
APPADMIN THISHOST=APPLOGIN
3. After this is setup, your users will just login as themselves and type (/usr/local/bin will have to be in the users PATH):
# sudo /usr/bin/su – appuser
The user will then have to enter their own login password. When successful, they will be logged in as bv user.
Hope this helps.
-Josh
This can be accomplished using sudo:
1. Lock the app user password by placing *LK* in the shadow file where the encrypted password would be or by changing it to a new password and not distributing it.
2. Set up something similar to the following in your “sudoers” file:
THISHOST=yourhostname
User_Alias APPADMIN=user1,user2,etc
CmdAlias APPLOGIN=/usr/bin/su – appuser
APPADMIN THISHOST=APPLOGIN
3. After this is setup, your users will just login as themselves and type (/usr/local/bin will have to be in the users PATH):
# sudo /usr/bin/su – appuser
The user will then have to enter their own login password. When successful, they will be logged in as bv user.
Hope this helps.
-Josh
all you need to do is create a user with /bin/false as the the login shell, and make sure that
you add /etc/false into /etc/shells file.