This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Can't create users without FTP access

4 posts / 0 new

Topic locked

Last post

#1 Tue, 05/19/2009 - 01:18

smartvirtualmin

Can't create users without FTP access

Hello!

We use Virtualmin version 3.68 Pro / proftpd / linux users. the question is simply: can we create users without FTP acc?

Now, if we select Email only access for a user, then they can login to their home via FTP as well.

We use /etc/ftpusers file, but webmin do not add the email only users there.

I know it's not a realy big issue i'm just intrest about it.

A little bit other issue: Can we disable the default server administrator user FTP acc? I read a topic about it in the forum, but no solution there. It's totaly useless i think, and it's colud be a little security problem.

thanks Lawrence

#2 Tue, 05/19/2009 - 02:18

Joe

I'd recommend just disabling FTP altogether, if you're going to turn it off for virtual server owners. ;-)

But, FTP access is determined by the users shell, by default. If it's in the list of shells in /etc/shells, it's an FTP-capable account. If it isn't, it's not.

It would be trivial to write a script for Virtualmin to run to update your ftpusers file, if it doesn't know how to deal with it already (I seem to recall support was added a couple of years ago, but it's been a long time, and I don't use FTP, so I'm not sure).

--

Check out the forum guidelines!

#3 Tue, 05/19/2009 - 02:31 (Reply to #2)

smartvirtualmin

We do not grant shell access to any customer on the servers. All of them are on /bin/false.

Ok. So the only solution for it a handmade script right?

We can use Mailbox Variables $FTP and Domain Template Variables $USER to detect the permissions for the users. am i understood well the things?

thanks

#4 Tue, 05/19/2009 - 05:11 (Reply to #3)

andreychek

Howdy,

Well, to clarify, all users on any system have a "shell" set for them. A shell can be something like /bin/false, which doesn't allow them to log in on the command line like bash allows.

To paraphrase what I think you're saying -- your customers use /bin/false as their shell, and you want to disable their access to FTP.

Are there any users with /bin/false as their shell who *should* have FTP access?

If not -- if all /bin/false users should be preventing from using FTP, you could simply remove "/bin/false" from /etc/shells.

Another option would be to set new Virtual Server owners to use /dev/null as their shell (that can be done in System Customization -> Custom Shells).
-Eric

Topic locked