httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Stephenson" <>
Subject RE: disabling system logon and allowing ftp login
Date Fri, 12 Jul 2002 12:57:51 GMT
I have looked through the ftpaccess file, and I am still confused.  I have setup real user
accounts for people, and when I try to change from /bin/bash to /bin/false that user can no
longer log into the ftp server.  The following is a copy of my /etc/passwd ~/etc/passwd and
/etc/ftpaccess file.

/etc/passwd  [example of a user I setup]




/etc/ftpaccess is

#This file controls the behavior of the wu-ftpd
# ftp server.
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
#allow-uid ftp
#allow-gid ftp

# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
guest-root /home/sites
guestuser *
restrict-uid *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
# realuser user1,user2

# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
# You will need to setup the required applications
# and libraries in the root directory (set using
# guest-root).
# Look at the anonftp package for the files you'll need.
# guestgroup ftpchroot

# User classes...
class   all   real,guest  *

# Set this to your email address

# Allow 5 mistyped passwords
loginfails 5

# Notify the users of README files at login and when
# changing to a different directory
readme  README*    login
readme  README*    cwd=*

# Messages displayed to the user
message /welcome.msg            login
message .message                cwd=*

# Allow on-the-fly compression and tarring
compress        yes             all
tar             yes             all

# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod           no              guest,anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous

# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound

# If /etc/shutmsg exists, don't allow logins
# see ftpshut man page
shutdown /etc/shutmsg

# Ask users to use their email address as anonymous
# password
passwd-check rfc822 warn

Any further assistance would be greatly appreciated.

Paul Stephenson

-----Original Message-----
From: Owen Phillis [] 
Sent: Tuesday, July 09, 2002 4:32 PM
To: Paul Stephenson
Cc: wuftp-questions
Subject: Re: disabling system logon and allowing ftp login

Hi man, 

dont give the users a shell. or create guest access to the server for evey user, rather than
setup real accounts on the machine. 

man ftpaccess 

has all the details... 

but in short to stop a real user logging in via telnet or whatever, just change the users
entry in the /etc/passwd file from something like this. 

owen:x:500:100:Owen Phillis:/home/owen:/bin/bash 

to something like this (the change is at the end) 

owen:x:500:100:Owen Phillis:/home/owen:/bin/false 

On Tue, 2002-07-09 at 17:50, Paul Stephenson wrote: 
Hello all, 


I was trying to figure out how to allow people to login to ftp but not allow them to logon
to actual server.  If someone could help I would appreciate it.  I am using Red Hat 7.3
and wu-ftpd 2.6.2-5, and I am setting up guest ftp using the guest-root directive.  



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message