1. Add a user that can only use FTP
root # useradd -u 2009 -g 10 -d /export/home/userftp -c "Ftp user only" -m -s /bin/false userftp
64 blocks
root # more /etc/passwd
....
....
userftp:x:2009:10:Ftp user only:/export/home/userftp:/bin/false
root # passwd userftp
New Password:
Re-enter new Password:
passwd: password successfully changed for userftp
root #
Create the file /etc/shells, because by default this file does not exist on the system
root # more /etc/shells
/etc/shells: No such file or directory
root #
root # vi /etc/shells
/bin/bash
/bin/csh
/bin/gnome-autogen.sh
/bin/hash
/bin/jsh
/bin/ksh
/bin/pfcsh
/bin/pfksh
/bin/pfsh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/sh
/bin/ssh
/bin/tcsh
/bin/zsh
/bin/ftpaccess
/sbin/sh
# add this line
/bin/false
:wq!
Now we check that, with this setting, userftp can only use FTP and cannot use telnet or ssh...
root # ftp localhost
Connected to localhost.
220 myhost FTP server ready.
Name (localhost:root): userftp
331 Password required for userftp.
Password:
230 User userftp logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 229 bytes in 0 transfers.
221-Thank you for using the FTP service on myhost.
221 Goodbye.
root # telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SunOS 5.9
login: userftp
Password:
Last login: Tue Sep 1 21:48:29 from localhost
Connection to localhost closed by foreign host.
root # ssh userftp@localhost
userftp@localhost's password:
Last login: Tue Sep 1 21:49:22 2009 from localhost
Connection to localhost closed.
root #
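Added example (not part of the original post): a small audit script that classifies accounts the way this setup treats them, assuming the FTP daemon admits only users whose login shell is listed in /etc/shells. The function names and the sample passwd and shells files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the FTP daemon admits only users whose login
# shell is listed in the shells file, which is why /bin/false is added to it.

# shell_of PASSWD_FILE USER: print USER's login shell (field 7).
# An empty field means the system default shell; /bin/sh is assumed here.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); exit }' "$1"
}

# listed_in SHELLS_FILE SHELL: succeed if SHELL is a non-comment line in the file.
listed_in() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fxq -- "$2"
}

# classify PASSWD_FILE SHELLS_FILE USER
# prints: ftp-only | ftp-denied | shell-login | no-such-user
classify() {
    sh_path=$(shell_of "$1" "$3")
    [ -n "$sh_path" ] || { echo "no-such-user"; return; }
    if ! listed_in "$2" "$sh_path"; then
        echo "ftp-denied"      # shell not listed: FTP login is refused
    elif [ "$sh_path" = "/bin/false" ]; then
        echo "ftp-only"        # FTP accepted; telnet/ssh sessions close at once
    else
        echo "shell-login"     # a real shell: telnet/ssh give a prompt
    fi
}

# Constructed sample files (not from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
userftp:x:2009:10:Ftp user only:/export/home/userftp:/bin/false
EOF
printf '%s\n' '/bin/sh' '/sbin/sh' > "$demo_dir/shells.before"
printf '%s\n' '/bin/sh' '/sbin/sh' '# add this line' '/bin/false' > "$demo_dir/shells.after"

# Show the effect of adding /bin/false to the shells file.
for state in before after; do
    echo "$state: userftp is $(classify "$demo_dir/passwd" "$demo_dir/shells.$state" userftp)"
done
```

On a live system, point classify at /etc/passwd and /etc/shells for each account that is meant to be FTP-only.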
9 comments:
Test
Mas, why not just use '/bin/ftpaccess' directly as the user's shell? As far as I know, /bin/false is for users who are not given access to the server, like nobody, www, etc.
@ndra that's true, but this one is so that the user also cannot telnet and ssh (as the user requested)..hehehe
Just following along
Thanks for these detailed steps. It's indeed very helpful.
Thanks for posting. Keep posted!
I really need this information for me to guide in setting up. Keep on posting!
Wow.. this is what I am looking for. I don't know how to set up but you shared the detailed steps. Thanks anyway.
~Janet - "Cool Math Kids Games"
Hi, thanks for sharing. May I know what the /bin/false shell is doing? I even checked man false but I am unable to understand. Please explain.
Hi AnandRaj,
To restrict a user so that they can log in only via FTP, a common solution is to set the user's shell to /bin/false. This has the effect of rejecting shell login attempts over ssh, telnet, or other shell-requesting protocols.
regards,
Tuna