FreeBSD - FTP login w/o telnet

Using FreeBSD 3.4

I can define a user's FTP root to their directory using /etc/ftpchroot

But I can't do the same with telnet and I can't deny telnet without taking away FTP...

Telnet isn't a necessary feature for these users, so how do I deny telnet and not FTP? Or barring that how do I limit their telnet access to the user root? (long shot I know).

>>how do I limit their telnet access to the user root?

Can't unless you write your own shell.

>>But I can't do the same with telnet and I can't deny telnet without taking away FTP

1) cat /etc/shells
#############################################
# $FreeBSD: src/etc/shells,v 1.3.2.1 2000/07/10 08:47:17 obrien Exp $
#
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/sh
/bin/csh
/bin/tcsh
#############################################
So that means, as long as a user has a shell from the choices above, he can log in via both FTP and Telnet.
2) Next, su to a non-system user or create a new user just for testing purposes, and assign the /sbin/nologin shell to that user. Or use "vipw" to change the user's shell.
3) Telnet in and FTP in as that user. For Telnet, you would get "This account is not available" or something; for FTP, the user simply gets login failed. That is supposed to be because you need one more step, as follows.
4) vi /etc/shells
add /sbin/nologin to the list so you should get:
/bin/sh
/bin/csh
/bin/tcsh
/sbin/nologin

As the cat /etc/shells from (1) mentions, "Ftpd will not allow users to connect who are not using one of these shells". Ftpd doesn't care whether it's the nologin shell or whatever; as long as the shell is listed here and the user's shell is one of these, the user is allowed to log in via FTP, but not ssh/telnet.
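
The rule described in the answer above, as an added example that is not part of the original posts: this sh function classifies the accounts in a passwd-format file against a shells list. It models only the /etc/shells check and the /sbin/nologin shell named in the answer; the function names, class labels and sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example. classify_accounts PASSWD_FILE SHELLS_FILE
# Prints "user:class" for each account, where class is:
#   ftp+login  shell is listed in SHELLS_FILE and is a real shell
#   ftp-only   shell is listed in SHELLS_FILE and is /sbin/nologin
#   no-ftp     shell is not listed, so ftpd refuses the login
classify_accounts() {
    awk -F: -v nologin="/sbin/nologin" '
        # First operand: the shells list. Drop comments and whitespace.
        FILENAME == ARGV[1] {
            line = $0
            sub(/#.*/, "", line)
            gsub(/[ \t]/, "", line)
            if (line != "") allowed[line] = 1
            next
        }
        # Second operand: passwd(5) format, login shell in field 7.
        /^#/ || NF < 7 { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (!(shell in allowed))   class = "no-ftp"
            else if (shell == nologin) class = "ftp-only"
            else                       class = "ftp+login"
            print $1 ":" class
        }
    ' "$2" "$1"
}

# Constructed sample data, not taken from a real system.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# List of acceptable shells' \
        /bin/sh /bin/csh /bin/tcsh /sbin/nologin > "$dir/shells"
    printf '%s\n' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/csh' \
        'ftpbob:*:1002:1002:Bob:/home/ftpbob:/sbin/nologin' \
        'carol:*:1003:1003:Carol:/home/carol:/usr/local/bin/bash' \
        'dave:*:1004:1004:Dave:/home/dave:' > "$dir/passwd"
    classify_accounts "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

Run against the real files as `classify_accounts /etc/passwd /etc/shells` to list which accounts end up FTP-only and which still have an interactive shell.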

Fantastic! I knew YOU would have an answer!

Works like a charm.

Oops! Spoke too soon. Logging in as one of the users so defined, the directory appears empty...

I am trying to set up an FTP-only account on a Linux RH6.1 box and have the user's login directory be their root, so that they cannot explore and view other directories/files on the machine. Does anyone know how I do this?

You could add a "#" in front of the "telnet" line in /etc/inetd.conf and do a killall -HUP inetd to restart the inet daemon. This stops the telnet daemon from starting at boot time.









