Tiger Server: FTP, w/o SFTP and SSH

    #365532
    nemonada
    Participant

    Here’s what I need in a nutshell: allow a user to log in via FTP (chrooted to their Home dir), but don’t allow SFTP access, nor command-line access. This is a web-hosting box, so I want to allow FTP for this user, but I don’t want them snooping around on the server via ssh or sftp.

    Running G5 XServe with Tiger Server.

    In Panther I could just use /etc/ftpchroot to do this, but that does not seem to work in Tiger. I also tried using an /etc/ftpd.conf file with the chroot command inside – did not work.

    I see in ServerAdmin how to confine the user to their Home Dir via FTP, so that’s not a problem. In WorkGroupMgr, I had set the user up with /sbin/nologin as their shell (this also worked in Panther). So I was hoping that would continue to block sftp and ssh. It does, but it also kills the FTP login.

    So, is there any way (short of installing a second ftp server app.) to allow FTP access to the Home Dir, but disable SFTP and SSH access?

    thanks!

    #365540
    nemonada
    Participant

    Thank you! I have never used the access lists, as I don’t usually operate in a multi-user environment. So, I was reading in the 10.4 File Services pdf from Apple about how to create a SACL.
    It says to log in via ServerAdmin, select the computer, hit Settings and then hit Access. Well, when I hit Settings, the only tab choices are General, Date & Time, Time Zone and Advanced. I don’t see an “Access” – any ideas?

    I am running 10.4.3 (Build 8F46) on the server and my version of ServerAdmin is 10.3 (106). If I need to upgrade my ServerAdmin – will the upgrade also work with Panther (I have 3 other servers running Panther)?

    thanks again!

    #365541
    nemonada
    Participant

    nvm. I found the admintools 10.4 update on apple.com. Setting up the SACL now.

    Thanks again for your advice.

    #365542
    nemonada
    Participant

    Whoops, spoke too soon. How can I add root to this SACL? I know, I know – “why are you using root?” – I’ve always been the only user on these machines, so have always just used root.

    So when I set up the SACL in the gui, I can see my SysAdmin account and other accounts. Any way to slap root in the list too?

    #371805
    jimlooney
    Participant

    Never mind. Found the answer.

        sudo dseditgroup -o edit -a root -t user com.apple.access_ssh
