tarballed
December 10th, 2003, 15:28
I was setting up a web server for a few of our employees today who are going to build our company intranet.

Since none of these people have any idea how to use a UNIX shell, I set them all up with /nonexistent shells (or /bin/false).

However, it appears that if I don't give my users real shells, they cannot connect via FTP. I wanted to know if there is a way around this?

Reason I want to do this is that I don't want to give any shell access to any account that does not need it. They simply need ftp access, and that is it.

If memory serves correctly, I did consider scp, but that would require a shell for the user.

Any recommendations?

Tarballed

Strog
December 10th, 2003, 15:46
If scp is what you want then look at the scponly shell. It doesn't allow shell access but creates a chroot environment with the script that comes with it. Scponly only allows scp/sftp access. I prefer to use this over ftp with its plaintext passwords. FTP is good for anonymous only, in my opinion. 8)

It's in ports if the server is FreeBSD. NetBSD has it in the WIP-pkgsrc now.

http://www.sublimation.org/scponly/

Red Hat 5.2 was the last time I trusted any plain text file transfer/shell access so you'll have to ask someone else for their expertise with FTP :roll:

bsdjunkie
December 10th, 2003, 17:35
Here's OpenBSD's way:

http://www.openbsd.org/faq/faq10.html#FTPOnly

tarballed
December 10th, 2003, 17:39
Thanks guys...

Looks like the OpenBSD way will work for FreeBSD as well.

Just tested it and works like a charm..

Tarballed
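
An added example, not part of the original thread: a POSIX shell audit that shows, per account, whether FTP login would pass the shell check and whether the shell gives an interactive session. It assumes a BSD-style ftpd that accepts a login only when the account's shell is listed in /etc/shells; `audit_shells`, `sample_run`, the list of non-interactive shell names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the FTP daemon accepts a login only if the account's shell is
# listed in the shells file (getusershell(3) behaviour of BSD-style ftpd).

# audit_shells PASSWD SHELLS: print "user shell ftp=yes|no login=yes|no"
audit_shells() {
    awk -F: '
        FILENAME == ARGV[1] {              # first file: list of valid shells
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") valid[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            n = split(shell, part, "/"); base = part[n]
            # Heuristic (assumed) list of shells that give no interactive session.
            nologin = (base ~ /^(false|nologin|nonexistent|scponly)$/)
            printf "%s %s ftp=%s login=%s\n", $1, shell,
                   (shell in valid) ? "yes" : "no", nologin ? "no" : "yes"
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from any real system).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/csh
/usr/bin/false
EOF
    cat > "$dir/passwd" <<'EOF'
alice:*:1001:1001:Web dev:/home/alice:/usr/bin/false
bob:*:1002:1002:Web dev:/home/bob:/nonexistent
carol:*:1003:1003:Admin:/home/carol:/bin/csh
dave:*:1004:1004:Legacy:/home/dave:
EOF
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

sample_run
```

An FTP-only account is one reported as `ftp=yes login=no`; on a live system the arguments would be `/etc/passwd` and `/etc/shells`.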