Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Selectively disable SSH and FTP

Posted on 2003-03-04
2
Medium Priority
?
355 Views
Last Modified: 2010-04-22
I am running Mandrake 9 with SSH, FTP and Apache.  I want to allow all of my users to access the server via FTP, but I only want administrators to access it via SSH.  

I tried to edit the /etc/security/access.conf file, but it didn't work for me, maybe I used incorrect syntax.
-:<group>:ALL

I also tried changing the shell in /etc/passwd from /bin/bash to /sbin/nologin, but that eliminated FTP access too.  

Any suggestions would be helpful! Thanks

Matthew Brainard
brainarm_mweb@yahoo.com
0
Comment
Question by:brainarm38802
2 Comments
 

Author Comment

by:brainarm38802
ID: 8069037
Ok... nevermind... I figured it out! In the sshd_config file I just needed the line:

DenyGroups <group>

Now that I feel stupid for asking the question, and then answering it myself; I will be nice and award the first person to leave a response the 50 points.
0
 
LVL 2

Accepted Solution

by:
jimbb earned 200 total points
ID: 8069963
8)

Don't feel stupid though, there are several ways to handle it.  You found what is probably the simplest one.

You could alternatively -- or in addition to what you've already done (recommended) -- use the nologin shell, and then add that shell to /etc/shells in order to open ftp access back up (many ftp servers, apparently including yours, check this file before allowing access).
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
Integration Management Part 2
Loops Section Overview

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question