PDA

View Full Version : Disabling terminal for a specific user



mick-porter
1st March 2006, 04:10 AM
I have a user lets call it user1 how can I disable all access from any terminal so that he can't use sftp or scp or ssh but he can use ftp. I have ftp working and OpenSSH is running but I don't want to give them access to that just ftp.

Max

jhetrick62
1st March 2006, 04:28 AM
Have you tried assigning this user to a unique group, and then turning off "others" permissions for these services. Then assign any users that you want to use all services to belong to this unique user group.

Jeff

mick-porter
1st March 2006, 04:32 AM
I don't mean like that I mean just for this user disabling the terminal. cause that will disable everything ssh scp and sftp wise.

Max

mick-porter
1st March 2006, 05:01 AM
when I disable a shell it won't let ftp connect but I saw something before where they make a shell in /bin/ftpaccess and whenever you would login it would give you an error message.

Max

daverj
1st March 2006, 05:04 AM
sshd has a config file in which you can restrict access. I'm not sure where it is. Probably in /etc somewhere.

mick-porter
1st March 2006, 05:13 AM
I know where that is but say they were my friend and they came to my work and tried to log into the server I want to deny them access to any shell.

Max

mick-porter
1st March 2006, 05:15 AM
except giving them the shell /bin/false because that blocks ftp access.

Max

ryan.overton
1st March 2006, 05:16 AM
the look for /etc/passwd file and you should see something like this

username:x:48:48:username:/home/username:/bin/bash

take off the /bin/bash at the end, and replace with /sbin/nologin