Linux: Enable user access only to ProFTP server / Disable user login via ssh scp and sftp

[Leon]

1. So let’s begin creating a pseudo shell named /bin/ftpaccess

 

debian:~# touch /bin/ftpaccess

debian:~# echo 'echo "This accout is for ftp access only"' > /bin/ftpaccess

debian:~# echo 'exit 0' >> /bin/ftpaccess

debian:~# chmod +x /bin/ftpaccess

 

2. It’s also necessary to include the just created pseudo FTP shell/bin/ftpaccess in your /etc/shells file.

 

echo '/bin/ftpaccess' >> /etc/shells

 

3. Then edit your /etc/passwd and change in the user shell, you should edit a line similar to:

 

ftp-user:x:1011:1005:FTP User,,,:/home/ftp-user:/bin/bash

 

Afterwards the same user /etc/passwd line declaration should look like:

 

ftp-user:x:1011:1005:FTP user,,,:/home/ftp-user:/bin/ftpaccess

 

Now the ftp-user user should have an FTP file transfer upload/download access to the server but it’s SSH, SCP and SFTP access will be disabled.

 

Talking about disabling access of SFTP it’s worthy to mention the RSSH Project .

RSS is quite cool and is able to restrict a shell access via SSH but same time allow users to use the SFTP and SCP protocols.

Other user feedback/experience for accomplishing the same task is very welcome!