Date: Fri, 21 Jun 2002 19:06:45 +0200
From: "Daan Vreeken [PA4DAN]" <Danovitsch@Danovitsch.dnsq.org>
To: Michael Grant <mg-fbsd3@grant.org>
Cc: FreeBSD-Questions@FreeBSD.org
Subject: Re: ssh/ftp only accounts
Message-ID: <02062119064501.00478@FreeBSD.Danovitsch.LAN>
In-Reply-To: <200206202017.g5KKHR814373@splat.grant.org>
References: <200206202017.g5KKHR814373@splat.grant.org>

On Thursday 20 June 2002 22:17, you wrote:
> Can someone please tell me what the recommended way to set up an
> account such that the user can only ftp and scp to a chrooted
> directory? (i.e. no login shell).

I don't know about scp, but I can tell you how I handle "ftp only" users...

I created a group for all people who only need to have ftp-access to my
machines (group: ftpusers).
After that I created a fake shell something like this:

---- cut here
#!/bin/sh
echo "You are not allowed to login..."
echo "bye now."
---- end
(Put this script in /usr/local/bin/fakelogin or wherever)

Then add this script to /etc/shells, since ftpd only allows users with a
valid shell.
Add users to the "ftpusers" group and give them the fakelogin shell.

Now there's only one thing left to do: tell ftp to chroot when an ftpuser
logs in. You can do this by simply adding "@ftpusers" on a line by itself
(without the quotes) to the /etc/ftpchroot file.

And here you go, all users in "ftpusers" are chroot-ed into their home-dirs
when they log in.
(Note this won't take your scp problems away, but it's a start)

grtz,
Daan

--
Control the lights in my room: http://www.Danovitsch.dnsq.org/webcam
Moo, ]:8)
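
An added example, not part of the original message: a small sh audit of the three pieces the message describes (fake shell listed in the shells file, "@ftpusers" on its own line in the ftpchroot file, every member of the group assigned the fake shell). The function names, the 7-field passwd layout, counting users whose primary gid is the group as members, and the sample files are assumptions; file paths are arguments so the check can run against copies.

```sh
#!/bin/sh
# Added example (not from the original message): audit an "ftp only" setup.

# Members of group $2: listed in group file $1, or with it as primary gid in passwd file $3.
group_members() {
    gid=$(awk -F: -v g="$2" '$1 == g { print $3 }' "$1")
    {
        awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
        awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$3"
    } | sort -u
}

# audit_ftponly PASSWD GROUP SHELLS FTPCHROOT GROUPNAME FAKESHELL
# Prints one line per finding; no output means the setup matches the description.
audit_ftponly() {
    passwd=$1 group=$2 shells=$3 ftpchroot=$4 grp=$5 fake=$6
    if ! grep -qxF "$fake" "$shells"; then
        echo "MISSING: $fake not listed in $shells (ftpd will refuse these users)"
    fi
    if ! grep -qxF "@$grp" "$ftpchroot"; then
        echo "MISSING: @$grp not on its own line in $ftpchroot (members are not chrooted)"
    fi
    for user in $(group_members "$group" "$grp" "$passwd"); do
        sh=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
        if [ "$sh" != "$fake" ]; then
            echo "SHELL: $user has shell '${sh:-none}', expected $fake"
        fi
    done
    return 0
}

# Constructed sample files (not from a real host): bob keeps a real shell, ftpchroot is empty.
make_sample() {
    printf '%s\n' 'alice:*:1001:1001:Alice:/home/alice:/usr/local/bin/fakelogin' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' > "$1/passwd"
    printf '%s\n' 'ftpusers:*:2000:alice,bob' > "$1/group"
    printf '%s\n' /bin/sh /usr/local/bin/fakelogin > "$1/shells"
    : > "$1/ftpchroot"
}

d=$(mktemp -d) && make_sample "$d"
audit_ftponly "$d/passwd" "$d/group" "$d/shells" "$d/ftpchroot" ftpusers /usr/local/bin/fakelogin
rm -rf "$d"
```

On a live system the arguments would be /etc/passwd, /etc/group, /etc/shells and /etc/ftpchroot, with the group and shell path from the message.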