Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i don't know about your computer, but with mine i use the x config program that comes with my cards drivers to select a group that are allowed to use X, (i use gentoo by the way), search thru /etc/group and you see groups for xdm and such, i think that might have something to do with what you want
I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.
The system in question uses gdm and gdm is smart enough to realize a user with a default shell of /bin/false is not supposed to login, so it prevents it.
While googling around for an answer for this, I read that xdm and kdm will allow a user with a default shell of /bin/false to login... so this will only work for gdm... but thats what I use, so its all good.
Another option to accomplish this on a Mandrake machine, or one with mdkKDM (mandrake's tweaked version of kdm) , is to prevent users from typing their names at the login screen and then hiding users that you don't want to hide. Then if you dont' want console access... throw a .bashrc file into their home dir and put a logout command in it, and then set the .bashrc to read only for the user...
I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.
This means you just didn't ask the "right" question in the first place. If I knew your reason for wanting this I would have told you you should not use system authentication for just FTP logins. Since FTP uses cleartext authentication, isn't a flawless protocol (like some daemons), using an FTPD (like Vsftpd, Muddleftpd) that can handle separate authentication schemes cuts down the risk of people, one way or another, getting access to system authentication that way.
unSpawn-
I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.
Is there a way I can change the authentication method in Proftp so its not using system authentication then? Or do I need to use a different server to accomplish that?
I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.
Clear. If you mentioned that thread I wouldn't have written this.
Is there a way I can change the authentication method in Proftp so its not using system authentication then?
Sure. From the ProFTPD FAQ (ch. 7, user auth): Authentication methods supported: PAM, NIS, Indvidual passwd/group files for each virtual, SQL databases (etc, etc). Try PAM, check your PAM docs for pam_userdb. That's one of the basic and easy external auth methods Vsftpd uses too.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.