
Quick Question -- User Accounts

 
Pat Flickner
Ranch Hand
Posts: 173
I'm admin'ing a Sun Solaris 9 machine right now and I want to be able to limit a new userid I've created to just ftp. Can this be done, or is it just wishful thinking? Thanks very much.

Pat
 
Petr Blahos
Ranch Hand
Posts: 131
Well, I wouldn't be too sure about that but what if you
changed the login shell to, let's say /bin/true? Then the
user couldn't login/telnet/ssh. She could ftp, scp, and other
things that do not require interactive shell.

I have just realized that it doesn't work, because you can
specify a command to ssh, then there are things like rsh.
How about disabling all services? I know...

Probably the best way to do that would be if the ftp server
supported that. You know, if you can make the ftp server
accept a separate user+password+home-dir list.

Not very helpful I am afraid.
P.
 
Peter Rooke
Ranch Hand
Posts: 900
You could try this, but it may cause problems (I’ve never done it)

Change the /etc/passwd file so that, for that particular user, instead of running a shell - they only run the ftp client.

In the passwd file, if you look for the ":/usr/bin/bash:" section and change it to ":FTPPATHNAME/ftp:". This instructs the init process to spawn only the ftp client when that user logs in.

When I can get onto a Linux box, I’ll try this and let you know if it works.
[ November 18, 2004: Message edited by: Peter Rooke ]
 
Tim Holloway
Saloon Keeper
Posts: 18799
If you change the login shell to a no-login shell, I think you'll find that ssh will be denied a login as well. Probably so would rsh, but I have that permanently disabled myself.

That would probably also cover scp, too. Somewhere out there (tldp.org ?) there's probably some documentation on this.
 
Pat Flickner
Ranch Hand
Posts: 173
Okay, going backward:

3) couldn't find anything on setting up a no-login shell;

2) tried setting the login script to point to /bin/ftp in /etc/passwd; however, that made it so I couldn't log on at all with the userid;

1) no, it's not that it's not helpful, but that I can't find any info.

But I really thank you all for your comments. Playing around with this is teaching me far more than no problems would. And these are really all great ideas, so don't think I'm not grateful.

If you think of anything else, please holler.

Thanks, all!

Pat
 
Petr Blahos
Ranch Hand
Posts: 131
Will this help?
http://www.experts-exchange.com/Operating_Systems/Solaris/Q_20901298.html

http://www.experts-exchange.com/Operating_Systems/Solaris/Q_21050216.html

http://www.tek-tips.com/faqs.cfm?fid=2315
 
Tim Holloway
Saloon Keeper
Posts: 18799
Traditionally, I believe the shell for no-login accounts was /bin/false, but recently I've seen /bin/nologin used. Don't know if there's a functional difference.
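
An added example (not written by any poster in this thread): a POSIX shell check that reads passwd-format and shells-format files and reports whether an account has shell access, is FTP-only, or is blocked from FTP as well. It assumes the FTP daemon admits only users whose login shell is listed in the shells file; the function names and the sample accounts are made up for illustration.

```shell
#!/bin/sh
# Added example: audit whether an account matches the "FTP only" setup from the thread.
# Assumption: the FTP daemon admits only users whose shell is listed in the
# shells file (the classic getusershell() check); confirm in your ftpd man page.

# classify_account USER PASSWD_FILE SHELLS_FILE
# Prints: missing | shell-access | ftp-only | ftp-blocked
classify_account() {
    user=$1; passwd_file=$2; shells_file=$3

    # Field 7 of a passwd entry is the login shell; match field 1 exactly.
    entry=$(awk -F: -v u="$user" '$1 == u { print "x" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then echo missing; return 0; fi
    shell=${entry#x}
    [ -n "$shell" ] || shell=/bin/sh    # empty field means the default shell

    # Shells named in the thread that refuse an interactive session.
    case $shell in
        /bin/false|/usr/bin/false|/bin/true|/usr/bin/true|*/nologin) ;;
        *) echo shell-access; return 0 ;;
    esac

    # No-login shell: FTP still works only if the daemon accepts that shell.
    if grep -Fxq -- "$shell" "$shells_file"; then
        echo ftp-only
    else
        echo ftp-blocked
    fi
}

# write_sample DIR: constructed passwd and shells files (not from a real host).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
ftpguy:x:1001:100:FTP only:/export/home/ftpguy:/bin/false
batch:x:1002:100:Batch:/export/home/batch:/usr/bin/nologin
pat:x:1003:100:Pat:/export/home/pat:/usr/bin/bash
EOF
    printf '%s\n' /sbin/sh /usr/bin/bash /bin/false > "$1/shells"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
for u in root ftpguy batch pat nobody1; do
    printf '%s: %s\n' "$u" "$(classify_account "$u" "$demo_dir/passwd" "$demo_dir/shells")"
done
rm -rf "$demo_dir"
```

On a live host, point it at /etc/passwd and the system's shells file. It does not inspect sshd or rsh configuration, so remote command execution still needs its own check.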
 