You can tell proftpd to allow logins without a valid shell. It can also set a default root directory for users so they can't see anything above that point.
Ernest Johanson
Web Systems Administrator
Fuller Theological Seminary

On Sat, 25 Mar 2000, Adam Shand wrote:

> Date: Sat, 25 Mar 2000 17:51:06 -0900 (AKST)
> From: Adam Shand <[EMAIL PROTECTED]>
> To: Damon Muller <[EMAIL PROTECTED]>
> Cc: debian-user@lists.debian.org, recipient list not shown: ;
> Subject: Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
>
> > I want to have easy freedom in limiting user access. I have killed
> > telnetd, and only sshd. I want to allow some users access through ssh,
> > some through ftpd, and some through samba. How can I turn off user
> > access through ssh, but keep their account, and allow them access
> > through ftp? Can I allow users access to shares through samba, and
> > allow them to ftp in, but not ssh or telnet?
>
> i'm not sure what your options are for samba as i haven't used it for a
> long time ...
>
> for ssh you have two ways. give them a shell which is useless (/bin/false
> or /bin/true or make your own, eg. /usr/local/bin/nossh). then when they
> log in they will be immediately logged out again. the other option is to
> use the "AllowGroups" option in the sshd_config file. create a group called
> ssh, and add it to the AllowGroups option and then only people in the ssh
> group will be able to log in.
>
> for ftp pretty much the only way to do this is via their shell. ftp will
> only allow people to login whose shell is listed in /etc/shells. give users
> you don't want to have ftp access a shell like /bin/false or
> /usr/local/bin/noftp and make sure that shell never gets added to
> /etc/shells. more advanced ftp daemons like proftpd or ncftpd may have
> other options allowing you to do this via groups like ssh but i've never
> investigated it.
>
> adam.
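An added example, not part of the thread: a small Python audit that applies the rules described above (useless shell or AllowGroups for ssh, /etc/shells membership for ftp) to report which accounts can use each service. The account names, group membership, file contents and the `DEAD_SHELLS` set are constructed sample data, and AllowGroups is matched by exact name only (sshd also accepts patterns).

```python
# Constructed sample data standing in for /etc/passwd, /etc/group,
# /etc/shells and sshd_config; none of it comes from the thread.
PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/local/bin/nossh
carol:x:1003:1003::/home/carol:/bin/bash
dave:x:1004:1004::/home/dave:/bin/false
"""
GROUP = "alice:x:1001:\nbob:x:1002:\ncarol:x:1003:\ndave:x:1004:\nssh:x:2000:alice,bob\n"
SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n/usr/local/bin/nossh\n"
SSHD_CONFIG = "Port 22\nAllowGroups ssh\n"
# Assumption: shells that exit at once, so an ssh login is dropped immediately.
DEAD_SHELLS = {"/bin/false", "/bin/true", "/usr/local/bin/nossh"}

def allow_groups(sshd_config):
    """Return the set of AllowGroups names, or None when the option is absent."""
    names = None
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "allowgroups":
            names = (names or set()) | set(parts[1:])
    return names

def access(passwd, group, shells, sshd_config, dead_shells):
    """Map each account to {'ssh': bool, 'ftp': bool}."""
    valid = {l.strip() for l in shells.splitlines()
             if l.strip() and not l.startswith("#")}
    groups = [g.split(":") for g in group.splitlines() if g.strip()]
    allowed = allow_groups(sshd_config)
    report = {}
    for entry in passwd.splitlines():
        name, _, _, gid, _, _, shell = entry.split(":")
        # Primary group (by gid) plus any supplementary memberships.
        mine = {g[0] for g in groups if g[2] == gid or name in g[3].split(",")}
        in_group = allowed is None or bool(mine & allowed)
        report[name] = {
            # sshd must admit the user AND the shell must be usable.
            "ssh": in_group and shell not in dead_shells,
            # ftpd accepts only accounts whose shell is in /etc/shells.
            "ftp": shell in valid,
        }
    return report

if __name__ == "__main__":
    for user, svc in access(PASSWD, GROUP, SHELLS, SSHD_CONFIG, DEAD_SHELLS).items():
        print(user, svc)
```

Here `bob` has the ftp-but-not-ssh setup asked about in the original question: his `nossh` shell is listed in /etc/shells, so ftp accepts him while an ssh session ends at once.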