Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Login questions
  • From: Robert Pintarelli <robert.pintarelli@xxxxxxxxxxxx>
  • Date: Thu, 07 Feb 2002 17:02:59 +0100
  • Message-id: <3C62A533.C0367D19@xxxxxxxxxxxx>
Praise wrote:
> On Thursday 7 February 2002 at 12:06, NP AE Ruslan Nesterov wrote:
> > Dear mail list members,
> >
> > I never thought that I'll face it but now I did. So my question is
> > really simple, I need to prevent a user going anywhere outside his home
> > catalog.
> > ex: user catalog is /home/bla
> > so he couldn't go to /home.
> > Also how to prevent user login in via telnet, ssh, but letting him log
> > in via ftp server. When I put /sbin/nologin. Ftp server is not allowing
> > to log in.
> > Any ideas?
> Set the default shell to /bin/false and they won't be able to login with
> telnet or ssh. But if you do not need them, turn them off!
> Praise

/bin/false is not always a good solution, some ftpds/other daemons
want the login shell to return true, so /bin/true
might be better.

another nice thing is to point the login-shell to /bin/passwd, so
your users can change their password and nothing else.
if you need a shell login, but want them jailed in their home-dir
you can use rbash as login shell (restricted bash). but then you
must take care that the users find everything they need in their
homedir because rbash chroots to that dir.

if you only need ftp login turn the login shell to /bin/true and
configure your ftpd so that they are jailed in their homedir.
for example in proftpd you can use the DefaultRoot directive in
the configfile. other ftpds (like wu-ftpd) can do the same, but
unlike proftpd most of these don't have builtin commands like
ls, so that you must set up these tools in the users' home. AFAIK
there is a suse package that contains all needed binaries for
a chrooted ftp.


Robert Pintarelli robert.pintarelli@xxxxxxxxxxxx
SERCO Service Center Sued GmbH
Individuelle Datenverarbeitung und Kommunikation
D-89077 Ulm
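
An added example, not part of the mail above: a small audit that reads passwd(5)-format lines and reports which accounts with a home under /home still have a shell that allows an interactive telnet/ssh login. The shell paths in the categories, the /home filter and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify a login shell into the options discussed in the thread.
classify_shell() {
    case "$1" in
        /bin/false|/bin/true|/sbin/nologin|/usr/sbin/nologin) echo no-login ;;
        /bin/passwd|/usr/bin/passwd) echo passwd-only ;;
        */rbash) echo restricted ;;
        # Anything else, including an empty field (passwd(5) treats it
        # as /bin/sh), gives the user a normal shell.
        *) echo interactive ;;
    esac
}

# Read passwd-format lines on stdin and print "user shell class" for
# every account whose home directory is under /home.
audit_passwd() {
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case "$home" in
            /home/*)
                printf '%s %s %s\n' "$user" "${shell:-/bin/sh}" \
                    "$(classify_shell "$shell")"
                ;;
        esac
    done
}

# Names of accounts that can still obtain a full shell.
interactive_users() {
    audit_passwd | awk '$3 == "interactive" { print $1 }'
}

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bla:x:1001:100:FTP only:/home/bla:/bin/true
web1:x:1002:100:FTP only:/home/web1:/bin/false
mailonly:x:1003:100:password change only:/home/mailonly:/bin/passwd
jailed:x:1004:100:restricted shell:/home/jailed:/bin/rbash
dev:x:1005:100:developer:/home/dev:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

On a real host, feed it the output of `getent passwd` instead of the sample variable.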
