httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lee Fellows <lfell...@4lane.com>
Subject RE: disabling system logon and allowing ftp login
Date Fri, 12 Jul 2002 17:00:15 GMT
Paul,

  Is /bin/false in /etc/shells?



On Fri, 2002-07-12 at 08:57, Paul Stephenson wrote:
> I have looked through the ftpaccess file, and I am still confused.  I have setup real
user accounts for people, and when I try to change from /bin/bash to /bin/false that user
can no longer log into the ftp server.  The following is a copy of my /etc/passwd ~/etc/passwd
and /etc/ftpaccess file.
> 
> /etc/passwd  [example of a user I setup]
> 
> onramp:1PFTp60AqHswg:505:505::/home/sites:/bin/false
> 
> ~/etc/passwd 
> 
> onramp::505:505::/www.mittefoundation.org:
> 
> /etc/ftpaccess is
> 
> #This file controls the behavior of the wu-ftpd
> # ftp server.
> #
> # If you're looking for a graphical frontend to
> # editing it, try kwuftpd from the kdeadmin
> # package.
> 
> # Don't allow system accounts to log in over ftp
> deny-uid %-99 %65534-
> deny-gid %-99 %65534-
> #allow-uid ftp
> #allow-gid ftp
> 
> # Chroot all users to their home directory by default
> # (comment this out if you don't want to chroot most of your users)
> guest-root /home/sites
> guestuser *
> restrict-uid *
> # If you wish to allow user1 and user2 to access other
> # directories, use the line below:
> # realuser user1,user2
> 
> 
> # The ftpchroot group doesn't exist by default, this
> # entry is just supplied as an example.
> # To chroot a user, modify the line below or create
> # the ftpchroot group and add the user to it.
> #
> # You will need to setup the required applications
> # and libraries in the root directory (set using
> # guest-root).
> #
> # Look at the anonftp package for the files you'll need.
> # guestgroup ftpchroot
> 
> # User classes...
> class   all   real,guest  *
> 
> # Set this to your email address
> email bmoore@ficgroup.com
> 
> # Allow 5 mistyped passwords
> loginfails 5
> 
> # Notify the users of README files at login and when
> # changing to a different directory
> readme  README*    login
> readme  README*    cwd=*
> 
> # Messages displayed to the user
> message /welcome.msg            login
> message .message                cwd=*
> 
> # Allow on-the-fly compression and tarring
> compress        yes             all
> tar             yes             all
> 
> # Prevent anonymous users (and partially guest users)
> # from executing dangerous commands
> chmod           no              guest,anonymous
> delete          no              anonymous
> overwrite       no              anonymous
> rename          no              anonymous
> 
> # Turn on logging to /var/log/xferlog
> log transfers anonymous,guest,real inbound,outbound
> 
> # If /etc/shutmsg exists, don't allow logins
> # see ftpshut man page
> shutdown /etc/shutmsg
> 
> # Ask users to use their email address as anonymous
> # password
> passwd-check rfc822 warn
> 
> Any further assistance would be greatly appreciated.
> 
> Paul Stephenson
> 
> 
> -----Original Message-----
> From: Owen Phillis [mailto:owen@aesir.ath.cx] 
> Sent: Tuesday, July 09, 2002 4:32 PM
> To: Paul Stephenson
> Cc: wuftp-questions
> Subject: Re: disabling system logon and allowing ftp login
> 
> Hi man, 
> 
> dont give the users a shell. or create guest access to the server for evey user, rather
than setup real accounts on the machine. 
> 
> man ftpaccess 
> 
> has all the details... 
> 
> but in short to stop a real user logging in via telnet or whatever, just change the users
entry in the /etc/passwd file from something like this. 
> 
> owen:x:500:100:Owen Phillis:/home/owen:/bin/bash 
> 
> 
> to something like this (the change is at the end) 
> 
> owen:x:500:100:Owen Phillis:/home/owen:/bin/false 
> 
> 
> 
> 
> On Tue, 2002-07-09 at 17:50, Paul Stephenson wrote: 
> Hello all, 
> 
>   
> 
> I was trying to figure out how to allow people to login to ftp but not allow them to
logon to actual server.  If someone could help I would appreciate it.  I am using Red Hat
7.3 and wu-ftpd 2.6.2-5, and I am setting up guest ftp using the guest-root directive.  
> 
>   
> 
> Paul 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message