Benjamin M Baraga wrote:
> 
> I have a question.
> 
> I have a linux (Redhat 5.1) box that is hosting our web page, via Apache.  I
> want to give the webmaster FTP only access to the server. How do I create a
> user like this?  I don't want him to be able to login to the server, only be
> able to FTP to the /home/http directory.  Any help would be appreciated.

By using the adduser (or useradd) command you can create a user
with specific uid/gid's (if this user is not already there
in the /etc/passwd file). Be sure to specify the home
directory of this user as /home/http so that whenever he/she
logs on via ftp/telnet/whatever he is taken to his root
directory by default...

To restrict him to use ftp services only and not the telnet
service, you'll have to change the shell of the user in the
/etc/passwd file to a dummy shell... in other words... where
it states /bin/bash, you have to define a dummy shell like
/bin/blah which actually points to a file which doesn't even
exist... then you have to append /bin/blah in your
/etc/shells file.
The reason for all this shebang is that the RFC defining FTP
states explicitly that the user ftp'ing needs to have a
valid shell on the machine he/she is ftp'ing. By adding our
dummy shell (/bin/blah) in /etc/shells we are actually
fooling the ftp server into believing that the user
(webmaster) indeed has a real shell, so let him ftp into the
server.

The adduser command in Slack is a step by step input/output
sequence which gets the user's info interactively from the
shell... I remember running into a problem of the 8 characters
or less requirement (as webmaster is 9 characters) and thus
I defined a user dodo, and went into /etc/passwd and
/etc/shadow and changed the dodo to webmaster. RH might not
have the 8 character limitation because the useradd/adduser
command does not require so... but nevertheless I thought it
better to share the information.

Ok... on a last note... if you are running proftpd as your ftp
server on your webserver, the way to restrict the webmaster
(or any other ftp user) to his/her home directory is by
using the global directive DefaultRoot ~ , which essentially
jails the user to his directory so he/she cannot venture out
of the home dir. Sorry I can't help you on the other
ftpservers front, but maybe the command 'chroot' might be
useful there... haven't really ever understood how to use
this command, but I have heard that this can be used to jail
users too. Do let me know if you use it successfully.


If you have any other queries, let me know... because I'm
running a similar setup as yours... and might save you time
(and hair-loss!) if you run into some strange problem :)


regards,



> 
>                 Thankz in Advance
> 
> Benjamin Baraga
> Systems Engineer
> Heron Network Services

-- 
Omer Ansari
Network Engineer,
Supernet PDSL
Pakistan.

Digital Fingerprint:
A641 2DCB D180 4ACD CA00  DC4E 1698 847B E3CA A88F
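
An added example, not part of the original message: a shell check that audits the account setup the reply describes (home directory, a dummy shell that is listed in the shells file but cannot be executed, and proftpd's DefaultRoot ~). The function name audit_ftp_only, the uid/gid 501 and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Audits the FTP-only account
# setup described above. File paths are arguments so copies can be checked.

# audit_ftp_only USER PASSWD_FILE SHELLS_FILE EXPECTED_HOME [PROFTPD_CONF]
# Prints one finding per line; returns 0 when every check passes, 1 otherwise.
audit_ftp_only() {
    user=$1; passwd=$2; shells=$3; want_home=$4; conf=${5:-}
    rc=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL: no passwd entry for $user"
        return 1
    fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    if [ "$home" = "$want_home" ]; then echo "OK: home is $home"
    else echo "FAIL: home is $home, expected $want_home"; rc=1; fi

    # Per the message, the FTP server wants the shell listed in the shells file.
    if grep -qxF -- "$shell" "$shells"; then echo "OK: $shell is listed in $shells"
    else echo "FAIL: $shell is not listed in $shells, FTP login will be refused"; rc=1; fi

    # The dummy shell must stay non-executable; if someone later creates it,
    # the account gains an interactive login.
    if [ -x "$shell" ]; then echo "FAIL: $shell is executable, interactive login possible"; rc=1
    else echo "OK: $shell cannot be executed"; fi

    # Optional: proftpd should jail users to their home with DefaultRoot ~
    if [ -n "$conf" ]; then
        if grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~' "$conf"; then echo "OK: DefaultRoot ~ is set"
        else echo "FAIL: DefaultRoot ~ not found in $conf"; rc=1; fi
    fi
    return $rc
}

# Demo on constructed files (sample data, not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'webmaster:x:501:501::/home/http:/bin/blah' > "$demo_dir/passwd"
printf '%s\n' '/bin/sh' '/bin/blah' > "$demo_dir/shells"
printf '%s\n' 'ServerName "web"' 'DefaultRoot ~' > "$demo_dir/proftpd.conf"
audit_ftp_only webmaster "$demo_dir/passwd" "$demo_dir/shells" /home/http "$demo_dir/proftpd.conf"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shells; rerunning it periodically catches the case where the dummy shell path later becomes a real executable.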
