RE: ftp access

From: Aaron D.Gifford (agifford@infowest.com)
Date: 03/01/01


From: Aaron D.Gifford <agifford@infowest.com>
To: freebsd-security@freebsd.org
Date: Thu, 1 Mar 2001 10:01:44 -0700

I would caution folks against putting /sbin/nologin into /etc/shells in order to
create FTP-only accounts. I would instead suggest you create a link to
/sbin/nologin and call it something like /sbin/ftponly and put THAT shell in
your /etc/shells file and use it as the shell for your FTP-only users.

Why? This gives you the ability to have FTP-only users yet retain the full
functionality of /sbin/nologin on other accounts (i.e. a mail-only account)
that you DON'T want to grant FTP access to.

Also, if you're running SSH on the FTP server and you do NOT want your FTP
users to be able to do port forwarding (it can be dangerous to allow unless
you trust your FTP users greatly and trust that their cleartext passwords
won't traverse an untrusted network) you should probably disable it in your
sshd_config file.

Aaron out.

-- 
www.aarongifford.com
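
An audit of the /etc/shells check discussed in the message above, as an added example that is not part of the original message: it lists which accounts have a login shell named in a shells file, so the two setups can be compared. The function names, sample accounts and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed.

# ftp_eligible PASSWD_FILE SHELLS_FILE
# Print "user:shell" for every account whose shell is listed in SHELLS_FILE,
# i.e. the accounts that pass the /etc/shells check the message relies on.
# Other ftpd restrictions (e.g. /etc/ftpusers) are not modelled.
ftp_eligible() {
    awk -F: -v shells="$2" '
        BEGIN {
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)          # drop comments
                gsub(/[ \t]/, "", line)       # drop stray whitespace
                if (line != "") ok[line] = 1
            }
        }
        /^#/ || NF < 7 { next }               # skip comments and short lines
        ($7 in ok) { print $1 ":" $7 }
    ' "$1"
}

# make_samples DIR: write a constructed passwd file and two shells files.
make_samples() {
    cat > "$1/passwd" <<'EOF'
alice:*:1001:1001:Shell user:/home/alice:/bin/sh
mailonly:*:1002:1002:Mail-only account:/nonexistent:/sbin/nologin
ftpbob:*:1003:1003:FTP-only account:/home/ftpbob:/sbin/ftponly
EOF
    # Cautioned-against setup: /sbin/nologin itself is listed.
    printf '%s\n' /bin/sh /sbin/nologin > "$1/shells.nologin"
    # Suggested setup: only the /sbin/ftponly link is listed.
    printf '%s\n' '# constructed' /bin/sh /sbin/ftponly > "$1/shells.ftponly"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    echo "nologin listed in shells:"; ftp_eligible "$d/passwd" "$d/shells.nologin"
    echo "ftponly listed in shells:"; ftp_eligible "$d/passwd" "$d/shells.ftponly"
    rm -rf "$d"
}
demo
```

With /sbin/nologin listed, the mail-only account shows up as eligible; with only /sbin/ftponly listed, it does not, while the FTP-only account does.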