FTP access only not others

FTP access only not others

Post by Pinneke Tjandan » Sun, 29 Jun 2003 02:30:11



Hi all,
I'm using  wuftpd on Linux and am trying to figure out how to prevent
the ftp user from doing other than ftp, say he/she cannot do ssh,
telnet, etc.  How to do this?  Plese help, thanks.

PTT

 
 
 

FTP access only not others

Post by Martin Schoe » Sun, 29 Jun 2003 04:03:44



> I'm using  wuftpd on Linux and am trying to figure out how to prevent
> the ftp user from doing other than ftp, say he/she cannot do ssh,
> telnet, etc.  How to do this?  Plese help, thanks.

Have your box only fired up wuftp, not ssh, not inetd, not telnet, not
others.

Use tcp_wrappers.

Use a firewall.

Use manpages.

More hints?

Martin

 
 
 

FTP access only not others

Post by Barry Margoli » Sun, 29 Jun 2003 04:01:41




Quote:>Hi all,
>I'm using  wuftpd on Linux and am trying to figure out how to prevent
>the ftp user from doing other than ftp, say he/she cannot do ssh,
>telnet, etc.  How to do this?  Plese help, thanks.

Change his default shell to /bin/false, and add this to /etc/shells.

--

Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

FTP access only not others

Post by Khalid Schofiel » Sun, 29 Jun 2003 20:13:54


Hi
have you looked at PAM? I use that in a kinda similar way to lock down all
accounts accept two from using from to connect to my server.

Khalid Schofield


> Hi all,
> I'm using  wuftpd on Linux and am trying to figure out how to prevent
> the ftp user from doing other than ftp, say he/she cannot do ssh,
> telnet, etc.  How to do this?  Plese help, thanks.

> PTT

 
 
 

FTP access only not others

Post by WZI » Tue, 01 Jul 2003 18:08:48



> Hi all,
> I'm using  wuftpd on Linux and am trying to figure out how to prevent
> the ftp user from doing other than ftp, say he/she cannot do ssh,
> telnet, etc.  How to do this?  Plese help, thanks.

> PTT

You can use AutoFTP software (can be downloaded from
http://wzce.tripod.com/) to achieve this:
1. Put the ftp user's password under dual control, means split the
passoword into 2 parts held by 2 persons so that nobody will know the
whole password.
2. On machines that need to transfer files with the Linux using the
ftp user account, use aftpkey to setup AutoFTP encrypted password.
3. You now can do ftp with the linux without to know the password of
the ftp user.
 
 
 

FTP access only not others

Post by Mali Zma » Tue, 01 Jul 2003 18:23:28



>Change his default shell to /bin/false, and add this to /etc/shells.

Hi,
this advice helps me to.
Tnx.  :o)

But.. how can I prevent this user to stay in his home directory, not to go
directory below.
For example:
his home directory is /home/test and he shouldn't be able to see /home, but
he should be able to go to /home/test/log

bye,
Mario

 
 
 

FTP access only not others

Post by Khalid Schofiel » Wed, 02 Jul 2003 00:21:12


look at chroot ( do a man chroot)

khalid schofield



> >Change his default shell to /bin/false, and add this to /etc/shells.

> Hi,
> this advice helps me to.
> Tnx.  :o)

> But.. how can I prevent this user to stay in his home directory, not to go
> directory below.
> For example:
> his home directory is /home/test and he shouldn't be able to see /home, but
> he should be able to go to /home/test/log

> bye,
> Mario

 
 
 

1. Apache 2.0.45 Access Denied to somesites and not others

Some browsers ( notably IE5.5.50 / NT4 on PC - IE6 / XP) are receiving
a FORBIDDEN message in trying to access some sites on my server
running OS X Apache/2.0.45 (iTools 7/Mac OS X) DAV/2 PHP/4.3.1
mod_ssl/2.0.45 OpenSSL/0.9.6e

All MAC browsers ( IE, Mozilla, Safari, Camino) work 100% as does PC
Mozilla 1.3.1 and Netscape 7.02

Error log says it a Permission denied but all sites on th eserver are
set up identically

This happens when the browser requests just the URL  ie
www.portdouglasgetaways.com.au  with or without the trailing slash
Access is fine if index.html is appended after the slash

Yet if a similar request is made to say  www.satechforum.com  there
are no probs from any browser

Any Ideas?

Bill

2. glibc-2.1 install problems

3. can access some sites, not others. HELP

4. AGPMode 4 with Matrox G450 DualHead.

5. ftp, gftp, igloo-ftp and others

6. Login names greater than 8 characters at 3.2

7. FTP Access but NOT Telnet

8. 1 cpu or 2 cpu

9. Can I prevent pinging from others and still ping others?

10. USers with ftp access to a system but not ssh.

11. Help Wanted: tcsh clashes with ftp access (csh does not)

12. cannot access ftp server -- getpeername (in.ftpd): Transport endpoint is not connected

13. Delay on initial access server ftp, http and telnet, etc - NOT usual reverse dns problem