Subject: Re: ftp-only account - how?
To: Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>
From: Thilo Manske <Thilo.Manske@HEH.Uni-Oldenburg.DE>
List: netbsd-users
Date: 07/29/1999 15:21:40
On Thu, Jul 29, 1999 at 02:10:19PM +0200, Hubert Feyrer wrote:
> what is the "right" way to set up an account that can be accessed by FTP
> only? I don't want shell logins, so I have to use a non-valid shell. But
> the shell still has to be in /etc/shells for ftpd to let the user in at
> all. Should I really add /sbin/nologin or /dev/null to /etc/shells?

I'm not sure if this is "The Right Way"^TM, but when I've configured
ftp-only accounts on our server (www homepages) I've softlinked
/sbin/ftplogin to /sbin/nologin and used that for those users' shell.
(I've added ftplogin to /etc/shells of course.)

> I have the user also in /etc/ftpchroot for extended security, but that's
> not really related to the login.
But related to that: Does anybody know, how to make sshd (scp) work for
such accounts? (no shell login, chrooted)
I get "protocol error: mtime.sec not delimited" back from those. Well, that's
still better than working, but not chrooted...
-- 
Dies ist Thilos Unix Signature! Viel Spass damit.