Gentoo Forums
TenPin
Posted: Thu May 15, 2003 6:37 pm    Post subject: vsftpd

I'm trying to use vsftpd to block anonymous access and allow 1 user to log in with a password. However, this user must NOT have a usable account for logging in to the machine at the console or via ssh.

I tried giving the user a shell of /bin/false in /etc/passwd which doesn't work as it prevents you from logging in via ftp.

Is this possible any other way?
TenPin
Posted: Thu May 15, 2003 7:30 pm

ok I worked round it the obvious way: use the force, edit the source :)
amne
Posted: Thu May 15, 2003 10:38 pm

hi,
i've got quite the same situation here except that my ftpuser can't log in physically and i denied login via ssh by setting the AllowUsers to everyone but him. however i was wondering why you actually need a shell to be able to login with vsftpd. answer:

Code:

/etc/pam.d/vsftpd:
auth     required   /lib/security/pam_shells.so


found in the pam docs: pam_shells:
Authentication is granted if the users shell is listed in
/etc/shells. If no shell is in /etc/passwd (empty), the
/bin/sh is used (following ftpd's convention).

this seems quite a good idea as users without shell (and there's a lot of them, just "grep false /etc/passwd") shouldn't be able to log in via ftp.
still, i commented it out, but i also set the following things in /etc/vsftpd/vsftpd.conf:
Code:
userlist_enable=YES
userlist_deny=NO

and added only my ftp-user to /etc/vsftpd/vsftpd.user_list

i think that this is a quite clean solution and no loss of safety though i lowered it a bit by changing the pam-file. however i'm no expert (especially with pam :oops:) and would be happy to hear any good and bad criticism.
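The two gates discussed in this thread (the pam_shells line in /etc/pam.d/vsftpd and the userlist_* options in vsftpd.conf), as an added example that is not part of any post above: a shell function that lists which passwd accounts would pass both. It models only those two checks; the file contents, the accounts alice and ftponly, and the helper names ftp_logins and make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: which accounts pass the vsftpd user list and pam_shells?
# Usage: ftp_logins VSFTPD_CONF USER_LIST PASSWD SHELLS PAM_FILE
ftp_logins() {
    conf=$1 list=$2 passwd=$3 shells=$4 pam=$5
    # vsftpd defaults: userlist_enable=NO, userlist_deny=YES.
    enable=$(sed -n 's/^userlist_enable=//p' "$conf" | tail -n 1)
    deny=$(sed -n 's/^userlist_deny=//p' "$conf" | tail -n 1)
    # pam_shells only applies while its auth line is not commented out.
    pamshells=0
    if grep -Eq '^[[:space:]]*auth[[:space:]].*pam_shells\.so' "$pam"; then
        pamshells=1
    fi
    awk -F: -v enable="${enable:-NO}" -v deny="${deny:-YES}" \
        -v pamshells="$pamshells" -v list="$list" -v shells="$shells" '
        BEGIN {
            while ((getline l < list) > 0) if (l != "" && l !~ /^#/) listed[l] = 1
            while ((getline s < shells) > 0) if (s != "" && s !~ /^#/) valid[s] = 1
        }
        /^#/ || NF < 7 { next }
        {
            user = $1
            shell = ($7 == "") ? "/bin/sh" : $7   # empty shell counts as /bin/sh
            if (enable == "YES" && deny == "NO" && !(user in listed)) next
            if (enable == "YES" && deny == "YES" && (user in listed)) next
            if (pamshells == 1 && !(shell in valid)) next
            print user ":" ((shell in valid) ? "valid-shell" : "no-valid-shell")
        }' "$passwd"
}

# Constructed sample files; "alice" and "ftponly" are made-up accounts.
make_sample() {
    dir=$1
    printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$dir/vsftpd.conf"
    printf 'ftponly\n' > "$dir/user_list"
    printf '/bin/sh\n/bin/bash\n' > "$dir/shells"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'ftponly:x:1001:1001::/home/ftp:/bin/false' > "$dir/passwd"
    printf '%s\n' "$2" > "$dir/pam"
}

d=$(mktemp -d)
make_sample "$d" '#auth required /lib/security/pam_shells.so'
ftp_logins "$d/vsftpd.conf" "$d/user_list" "$d/passwd" "$d/shells" "$d/pam"
rm -rf "$d"
```

With the pam_shells line commented out and no userlist_enable line in the configuration, every account in the sample passes these two gates, including the /bin/false one, which is why the allow list matters once pam_shells is removed.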
TenPin
Posted: Fri May 16, 2003 9:39 pm

Interesting, I'll try that, thanks.