disable shell - enable proftpd

debian woody
proftpd

i have enabled DefaultRoot ~ for ProFTPd

I wish to disable shell access for a given user and allow ftp access only.

best/easiest way to acheive this?

thanks
baskoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yuzhCommented:
Just created an account as a normal user account. But instead of
a shell,(/bin/csh, /bin/bash, ...) just put /bin/false as the
shell and that user won't be able to do shell login (eg, use telnet etc)

0
baskoAuthor Commented:
it seems that when I do this  the ftp login fails also!?
0
yuzhCommented:
Can you using ftp when it has a normal shell (/bin/csh, /bin/bash, ...).
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

yuzhCommented:
I don't has debian + ProFTPd, you can try the followings:

create a file /bin/ftpaccess

echo 'echo "This account is for ftp access only"' > /bin/ftpaccess

chmod a+x /bin/ftpaccess to give it execution rights

Add /bin/ftpaccess into the /etc/shells file
*It is important to have the other shells there as well

create an account that you want to have the ftp access only and for its shell, put /bin/ftpaccess

You will have to set the rights to the directory that you want the account go to.

If you try to telnet to that account, you will get the message "This account is for ftp access only".




0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
baskoAuthor Commented:
that seems to do the trick

i had to add #!/bin/bash at the head of the ftpaccess script

root can login to the account using su -s /bin/bash

thanks
0
yuzhCommented:
For security reason, you should not allow root to do ftp. IF you have to allow
root to do FTP, use secure shell instead. (ssh comes with secure FTP, sftp).

Cheers!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.