Sunday, 15 December 2013

Create an FTP account manually

        [root@deep ] /# mkdir /home/ftp
        [root@deep ] /# useradd -d /home/ftp/ftpadmin/ -s /dev/null ftpadmin > /dev/null 2>&1
        [root@deep ] /# passwd ftpadmin
        Changing password for user ftpadmin
        New UNIX password:
        Retype new UNIX password:
        passwd: all authentication tokens updated successfully

Once the /home/ftp/ directory has been created, you don't have to run the mkdir command again for additional FTP users.

   1.

      Edit the /etc/shells file (vi /etc/shells) and add a non-existent shell name, like null for example. This fake shell will limit access on the system for FTP users.

                /dev/null

      This is our added non-existent shell. With Red Hat Linux, a special device name, /dev/null, exists for purposes such as these.

   2.

      Now edit your /etc/passwd file and manually add the /./ sequence to divide the /home/ftp directory from the /ftpadmin directory that the user ftpadmin should be automatically chdir'd into. This step must be done for each FTP user you add to your passwd file. Change the line:

                ftpadmin:x:502:502::/home/ftp/ftpadmin/:/dev/null


      To read:

                ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/dev/null
                                              ^^


      The account is ftpadmin, but you'll notice the path to the home directory is a bit odd. The first part, /home/ftp/, indicates the filesystem that should be considered their new root directory. The dot . divides that from the directory they should be automatically chdir'd (change directory'd) into, /ftpadmin/.

Once again, the /dev/null part disables their login as a regular user. With this modification, the user ftpadmin now has a fake shell instead of a real shell, resulting in properly limited access on the system.
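
The check below is an added example, not part of the original post: a small shell audit that confirms a passwd-format line carries the /./ marker and the /dev/null fake shell, and that the shell is listed in a shells file. The function names, the ftpuser2 account and the sample shells file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Split a passwd home field at the first "/./" marker.
# Prints "<new root>|<initial directory>"; returns 1 if the marker is absent.
split_chroot_home() {
    case "$1" in
        */./*) ;;
        *) return 1 ;;
    esac
    root=${1%%/./*}     # everything before the first "/./"
    rest=${1#*/./}      # everything after the first "/./"
    printf '%s|/%s\n' "${root:-/}" "$rest"
}

# Check one passwd-format line ($1) against a shells file ($2, same format
# as /etc/shells). Assumption: the fake shell is /dev/null, as in the post.
check_ftp_entry() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    if ! split=$(split_chroot_home "$home"); then
        echo "$user: FAIL home '$home' has no /./ marker"
        return 1
    fi
    if [ "$shell" != /dev/null ]; then
        echo "$user: FAIL shell '$shell' is not the fake shell"
        return 1
    fi
    if ! grep -qxF -- "$shell" "$2"; then
        echo "$user: FAIL shell '$shell' is missing from $2"
        return 1
    fi
    echo "$user: OK root=${split%%|*} chdir=${split#*|}"
}

# Constructed sample input: a shells file and three passwd lines.
SAMPLE_SHELLS=$(mktemp)
trap 'rm -f "$SAMPLE_SHELLS"' EXIT
printf '%s\n' /bin/sh /bin/bash /dev/null > "$SAMPLE_SHELLS"

check_ftp_entry 'ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/dev/null' "$SAMPLE_SHELLS" || true
check_ftp_entry 'ftpadmin:x:502:502::/home/ftp/ftpadmin/:/dev/null' "$SAMPLE_SHELLS" || true
check_ftp_entry 'ftpuser2:x:503:503::/home/ftp/./ftpuser2/:/bin/bash' "$SAMPLE_SHELLS" || true
```

To audit a live system, feed each FTP user's line from /etc/passwd to check_ftp_entry with /etc/shells as the second argument.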
