Enable user access only to ProFTP server /
Disable user login via ssh scp and sftp
Here is a way to enable a system user login to a proftpd server
while disable same user system access through a bash, csh shell
etc.
In the below examples I assume the system user is called
ftp-user and the running GNU/Linux is Debian. However same
instructions should be probably working on other Linux
distributions as well.
1. So let's begin creating a pseudo shell named
/bin/ftpaccess
debian:~# touch /bin/ftpaccess
debian:~# echo 'echo "This accout is for ftp access only"' >
/bin/ftpaccess
debian:~# echo 'exit 0' >> /bin/ftpaccess
debian:~# chmod +x /bin/ftpaccess
2. It's also necessary to include the just created pseudo FTP shell
/bin/ftpaccess in your /etc/shells file.
echo '/bin/ftpaccess' >> /etc/shells
3. Then edit your
/etc/passwd and change in the user shell,
you should edit a line similar to:
ftp-user:x:1011:1005:FTP
User,,,:/home/ftp-user:/bin/bash
Afterwards the same user
/etc/passwd line declaration should
look like:
ftp-user:x:1011:1005:FTP
user,,,:/home/ftp-user:/bin/ftpaccess
Now the
ftp-user user should have an FTP file transfer
upload/download access to the server but it's SSH, SCP and SFTP
access will be disabled.
Talking about disabling access of SFTP it's worthy to mention the
RSSH Project .
RSS is quite cool and is able to restrict a shell access via
SSH but same time allow users to use the SFTP and SCP
protocols.
Other user feedback/experience for accomplishing the same task is
very welcome!