Fri Jul 2 12:21:54 EEST 2010

Disable shell access to the server for FTP accounts with ProFTPD

I've been required to configure a Linux server running the ProFTPD server in such a way that (bash) shell access is disabled for security reasons.
This prevents listing of file content on the server in case the FTP user account logs in to the server through the SSH protocol.

Since I hadn't set up such a restriction before on a server where ProFTPD manages the FTP accounts, I had to consult the ProFTPD authentication documentation.

It explains a sysadmin trick for prohibiting SSH access for the FTP users.

Here is a quick walkthrough of how this is achieved on Debian Linux:

debian-server:~# vim /etc/proftpd/proftpd.conf

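In the conf file, uncomment the line:

#RequireValidShell off

so that it reads:

RequireValidShell off

With this directive off, ProFTPD accepts logins from accounts whose shell is not listed in /etc/shells, which is what lets an account with /bin/false as its shell keep using FTP.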


Then you will have to edit your /etc/passwd file.

In /etc/passwd, find the FTP user for which you'd like to disable SSH access and make sure its shell is set to /bin/false.

Now let's say you'd like to disable SSH logins for the FTP user testftpuser. While editing /etc/passwd you will notice a line:

testftpuser:x:1001:1001:SoccerFame,,,:/home/testftpuser:/bin/bash


The line should be changed to look like:

testftpuser:x:1001:1001:SoccerFame,,,:/home/testftpuser:/bin/false


If you'd like to change all system users who have access to the ProFTPD server as well, you can easily do that with a tiny shell script.
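
One way such a script could look, as an added example that is not from the original post: it rewrites the shell field of an explicit list of FTP-only accounts to /bin/false and then lists which accounts can still log in interactively. The function names, the second account (ftpuser2) and the sample passwd lines are constructed for illustration, and the script works on a temporary copy rather than on /etc/passwd.

```shell
#!/bin/sh
# Added example: set the shell (7th passwd field) of selected accounts to
# /bin/false, working on a passwd-format copy and never on /etc/passwd itself.

# disable_shell FILE USER... : print FILE with the listed users' shell replaced
disable_shell() {
    file=$1; shift
    awk -F: -v OFS=: -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        ($1 in want) && NF == 7 { $7 = "/bin/false" }
        { print }
    ' "$file"
}

# login_capable FILE : list accounts whose shell still allows an interactive
# login (an empty shell field counts, because login falls back to /bin/sh)
login_capable() {
    awk -F: 'NF == 7 && $7 !~ /\/(false|nologin)$/ { print $1 }' "$1"
}

# Constructed sample data in /etc/passwd format
sample=$(mktemp)
fixed=$(mktemp)
trap 'rm -f "$sample" "$fixed"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
testftpuser:x:1001:1001:SoccerFame,,,:/home/testftpuser:/bin/bash
ftpuser2:x:1002:1002:,,,:/home/ftpuser2:/bin/sh
EOF

# Assumption: the administrator knows which accounts are FTP-only and names
# them explicitly, so that root and other admin accounts keep their shell.
disable_shell "$sample" testftpuser ftpuser2 > "$fixed"

# Audit: after the change only root should remain login-capable
login_capable "$fixed"
```

On a live system the same change is made per account with usermod -s /bin/false USERNAME instead of editing the file by hand; login_capable can then be pointed at /etc/passwd to check the result.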