Tuesday, September 01, 2009

How to set up an FTP-only user in Solaris

Sometimes we want to create a user who can log in to the system only to use FTP. How can we do that?

1. Add a user that can only use FTP
root # useradd -u 2009 -g 10 -d /export/home/userftp -c "Ftp user only" -m -s /bin/false userftp
64 blocks

root # more /etc/passwd
....
....
userftp:x:2009:10:Ftp user only:/export/home/userftp:/bin/false

root # passwd userftp
New Password:
Re-enter new Password:
passwd: password successfully changed for userftp
root #



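Create the file /etc/shells, because by default this file does not exist on the system. The FTP server only accepts users whose login shell is listed as a valid shell, so /bin/false must be added to the list.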
root # more /etc/shells
/etc/shells: No such file or directory
root #

root # vi /etc/shells
/bin/bash
/bin/csh
/bin/gnome-autogen.sh
/bin/hash
/bin/jsh
/bin/ksh
/bin/pfcsh
/bin/pfksh
/bin/pfsh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/sh
/bin/ssh
/bin/tcsh
/bin/zsh
/bin/ftpaccess
/sbin/sh
# add this line
/bin/false
:wq!

Now we check: after this setup, userftp can use FTP but not telnet or ssh. The telnet and ssh logins authenticate, then the connection closes immediately.
root # ftp localhost
Connected to localhost.
220 myhost FTP server ready.
Name (localhost:root): userftp
331 Password required for userftp.
Password:
230 User userftp logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 229 bytes in 0 transfers.
221-Thank you for using the FTP service on myhost.
221 Goodbye.

root # telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


SunOS 5.9

login: userftp
Password:
Last login: Tue Sep 1 21:48:29 from localhost
Connection to localhost closed by foreign host.

root # ssh userftp@localhost
userftp@localhost's password:
Last login: Tue Sep 1 21:49:22 2009 from localhost
Connection to localhost closed.
root #
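
Adding /bin/false to /etc/shells affects every account whose shell is /bin/false, not only userftp. The following added example (not part of the original post) lists those accounts from a passwd file and a shells file, with an optional deny file standing in for the FTP server's ftpusers list. The function name, the svcacct account and the deny file are assumptions, and all sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.
# Lists accounts that can authenticate to FTP but never get a shell:
# login shell is /bin/false, that shell is in the shells file, and the
# user is not in the ftpusers-style deny file.
AWK=${AWK:-awk}   # on Solaris use AWK=nawk (the old /usr/bin/awk lacks -v)

# usage: ftp_only_accounts PASSWD_FILE SHELLS_FILE [DENY_FILE]
ftp_only_accounts() {
    "$AWK" -F: -v shells="$2" -v deny="${3:-/dev/null}" '
        BEGIN {
            # One absolute path per line; "#" starts a comment. A missing
            # file yields an empty list, so nothing is reported.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
            # Users explicitly denied FTP, one name per line.
            while ((getline line < deny) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") denied[line] = 1
            }
        }
        /^#/ || NF < 7 { next }
        $7 == "/bin/false" && ($7 in ok) && !($1 in denied) { print $1 }
    ' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed passwd: userftp is from the post, svcacct is hypothetical.
    cat > "$d/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
svcacct:x:2001:10:Service account:/export/home/svcacct:/bin/false
userftp:x:2009:10:Ftp user only:/export/home/userftp:/bin/false
EOF
    printf '%s\n' /sbin/sh /bin/ksh '# add this line' /bin/false > "$d/shells"
    printf '%s\n' root svcacct > "$d/ftpusers"
    echo "shells only:    $(ftp_only_accounts "$d/passwd" "$d/shells" | tr '\n' ' ')"
    echo "with deny list: $(ftp_only_accounts "$d/passwd" "$d/shells" "$d/ftpusers" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/passwd and /etc/shells and review every name printed before leaving /bin/false in the shells list.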

9 comments:

Fikri said...

Test

ndra said...

Bro, why not just use '/bin/ftpaccess' as the user's shell? As far as I know, /bin/false is for users who are not given access to the server, like nobody, www, etc.

ndevtuna said...

@ndra that's true, but this one is so that the user also cannot telnet or ssh (as the user requested).. hehehe

Sandy said...

Permission to follow along

Weddings Invitation said...

Thanks for these detailed steps. It's indeed very helpful.

Thanks for posting. Keep posted!

Airbrush Tan said...

I really need this information for me to guide in setting up. Keep on posting!

Janet Cox said...

Wow.. this is what I am looking for. I don't know how to set up but you shared the detailed steps. Thanks anyway.

~Janet - "Cool Math Kids Games"

AnandRaj ஆனந்த் ராஜ் said...

Hi, thanks for sharing. May I know what the /bin/false shell is doing? I even checked man false but I am unable to understand. Please explain.

ndevtuna said...

Hi AnandRaj,

To restrict a user to logging in only for FTP, a common solution is to set the user's shell to /bin/false. This has the effect of rejecting shell login attempts over ssh, telnet, or other shell-requesting protocols.

regards,
Tuna
