You will find a lot of tutorials telling you that the only thing to do is change the default shell to /bin/ftponly, but this is just half the truth. Here’s how to create a working FTP Only account.
Create the account first
useradd -d /export/data/loader -s /bin/bash username
Next, set the password
passwd username
This account will work, but it will grant shell access besides FTP. We don’t want that.
Let’s create the “ftponly” shell
echo '#!/bin/sh' > /bin/ftponly
echo 'echo "This account only allows FTP access!"' >> /bin/ftponly
chmod a+x /bin/ftponly
Change the shell of the recently created user to /bin/ftponly
usermod -s /bin/ftponly username
Almost done! But now when you log in to FTP, you will get 530 wrong username or password, despite using the right password, because the FTP server rejects accounts whose login shell is not listed in /etc/shells. One more step is required to make it work.
We need to create a file listing all valid shells:
/etc/shells
List all valid shells in this file, one per line:
/bin/sh
/bin/bash
/bin/csh
/bin/gnome-autogen.sh
/bin/hash
/bin/jsh
/bin/ksh
/bin/remsh
/bin/rksh
/bin/rsh
/bin/pfcsh
/bin/pfksh
/bin/pfsh
/bin/ssh
/bin/tcsh
/bin/zsh
/bin/ftpaccess
/sbin/sh
/bin/false
# here we add our new shell:
/bin/ftponly
Voila! Next time you log in, FTP will let you in, but trying to SSH will not work anymore.
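To confirm an account really ended up in the state described above, the following check script (an added example, not part of the original tutorial) reports whether a user has the FTP-only shell and whether that shell appears on its own line in /etc/shells. The function names, the result labels and the PASSWD_FILE, SHELLS_FILE and FTPONLY_SHELL variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an account against the FTP-only setup described above.
# The file locations can be overridden to check copies of the files.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
SHELLS_FILE="${SHELLS_FILE:-/etc/shells}"
FTPONLY_SHELL="${FTPONLY_SHELL:-/bin/ftponly}"

# Print the login shell (7th passwd field) of user $1; fail if no such user.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 }
        END { exit !found }' "$PASSWD_FILE"
}

# Succeed only if shell $1 is a whole line of the shells file.
# Comments and surrounding blanks are ignored; several paths on one
# line do not count, because the file holds one shell per line.
shell_is_listed() {
    awk -v s="$1" '{ sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == s { ok = 1 }
        END { exit !ok }' "$SHELLS_FILE"
}

# Classify account $1 and print one of:
#   ftp-only   shell is FTPONLY_SHELL and it is listed in the shells file
#   ftp-530    shell is FTPONLY_SHELL but not listed (FTP login is rejected)
#   has-shell  another shell is set, so shell access may still be possible
#   no-user    account not found
check_ftponly_account() {
    sh_path=$(user_shell "$1") || { echo "no-user"; return 0; }
    if [ "$sh_path" != "$FTPONLY_SHELL" ]; then
        echo "has-shell"
    elif shell_is_listed "$sh_path"; then
        echo "ftp-only"
    else
        echo "ftp-530"
    fi
}

# Stand-alone use: sh check_ftponly.sh username
if [ "$#" -gt 0 ]; then
    check_ftponly_account "$1"
fi
```

A result of has-shell for an account that should be restricted means the usermod step was skipped or reverted.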