Solaris – adding an FTP only account

You will find a lot of tutorials telling you that the only thing to do is change the default shell to /bin/ftponly, but this is just half the truth. Here’s how to create a working FTP Only account.

Create the account first

useradd -d /export/data/loader -s /bin/bash username

Next, set the password

passwd username

This account will work, but it will grant shell access besides FTP. We don’t want that.

Let’s create the “ftponly” shell

echo '#!/bin/sh' > /bin/ftponly
echo 'echo "This account only allows FTP access!"' >> /bin/ftponly
chmod a+x /bin/ftponly

Change the shell of the recently created user to /bin/ftponly

usermod -s /bin/ftponly username

Almost done! But now when you log in to FTP, you will get 530 wrong username or password, despite using the right password. One more step is required to make it work.

We need to create the file /etc/shells and list all valid shells in it. The FTP server rejects any account whose login shell is not listed there:

/bin/sh
/bin/bash
/bin/csh
/bin/gnome-autogen.sh
/bin/hash
/bin/jsh
/bin/ksh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/pfcsh
/bin/pfksh
/bin/pfsh
/bin/ssh
/bin/tcsh
/bin/zsh
/bin/ftpaccess
/sbin/sh
/bin/false
# here we add our new shell:
/bin/ftponly

Voila! Next time you log in, FTP will let you in, but trying to SSH will not work anymore.
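To check the result before testing logins by hand, the following added example (not part of the original post) reports, for each account, whether its login shell appears in a shells file and therefore passes the check behind the 530 error. It assumes a POSIX shell such as bash or ksh and exact whole-entry matching; the function names and the sample accounts (`svc`, `old`, `/bin/nologin`) are constructed for illustration. Note the `svc` line: because `/bin/false` is in the list, accounts that use it as a "disabled" shell become FTP-eligible too.

```shell
#!/bin/sh
# Added example (not from the original post). Predicts, per account, whether an
# FTP daemon that validates login shells against /etc/shells accepts the login.

# shell_listed SHELL SHELLS_FILE: succeed if SHELL is an active entry.
shell_listed() {
    while read -r entry _rest || [ -n "$entry" ]; do
        entry=${entry%%#*}                  # ignore comment lines
        if [ "$entry" = "$1" ]; then return 0; fi
    done < "$2"
    return 1
}

# ftp_shell_audit PASSWD_FILE SHELLS_FILE: print "user shell verdict" lines.
ftp_shell_audit() {
    while IFS=: read -r user _pw _uid _gid _gecos _home shell || [ -n "$user" ]; do
        case $user in ''|\#*) continue ;; esac
        [ -n "$shell" ] || shell=/bin/sh    # an empty shell field means /bin/sh
        if shell_listed "$shell" "$2"; then
            echo "$user $shell ftp-allowed"
        else
            echo "$user $shell ftp-rejected"
        fi
    done < "$1"
}

# Constructed sample data: a passwd excerpt and a short shells file.
write_sample() {
    printf '%s\n' \
        'root:x:0:0:Super-User:/root:/bin/bash' \
        'loader:x:1001:10::/export/data/loader:/bin/ftponly' \
        'svc:x:1002:10::/var/svc:/bin/false' \
        'old:x:1003:10::/export/home/old:/bin/nologin' > "$1/passwd"
    printf '%s\n' '/bin/sh' '/bin/bash' '/bin/false' \
        '# here we add our new shell:' '/bin/ftponly' > "$1/shells"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
ftp_shell_audit "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```

On a live system, call `ftp_shell_audit /etc/passwd /etc/shells` and review every `ftp-allowed` account that is not meant to have FTP access.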
