Comments on: Howto prevent non-root users from login into the system using nologin shell

By: Chris

Chris — Thu, 22 Sep 2011 09:27:40 +0000

@jason,

Make sure that this line is present in your /etc/pam.d/vsftpd:

auth required pam_shells.so

This will force users to have a valid shell to log in.
If you set a users shell to /bin/false or /sbin/nologin then FTP logins will not be allowed also.

Regards,
Chris

By: Thibs

Thibs — Fri, 16 Sep 2011 09:35:32 +0000

By the way, the command chsh is designed for changing shell (instead of using usermod)

e.g. :
chsh -s /bin/false tom

By: jason

jason — Mon, 10 Jan 2011 09:32:56 +0000

I need a fix like this, that still allows the user to access vsftpd. I’ve looked around and it looks like installing some kind of secure shell is my only option. I’m hoping you may know a way that’s as easy as this modification. Thanks in advance.

By: Guan

Guan — Wed, 22 Sep 2010 13:57:41 +0000

Use a nologin/false shell is a quick solution to disable login completely. However, there are needs to only allow login from certain location, say only locally. Linux-PAM would allow a much finer grain login control. Check out ‘man access.conf’. It is pretty useful when you have very specific login restrictions.

By: ruben

ruben — Fri, 18 Jun 2010 15:18:46 +0000

excelent!
this info helped me !

By: nagendra rao

nagendra rao — Mon, 16 Apr 2007 07:25:19 +0000

i got one proble in sftp. how to blck sft service to a particular user

By: R_Smith

R_Smith — Sun, 08 Apr 2007 00:17:19 +0000

I was thinking about the main ftp account, that has access in the direcory that is one level up from public_html. There is no option in Cpanel to change this ftp account password.

By: nixcraft

nixcraft — Sat, 07 Apr 2007 18:17:02 +0000

You can use ‘FTP Manager’ to disable or enable FTP user.

By: R_Smith

R_Smith — Sat, 07 Apr 2007 16:41:13 +0000

Hello,

I have CentOS on dedicated server with Cpanel/WHM installed.

I want more people to have access to Cpanel, but to disable main ftp domain access because if they FTP with the cpanel user/pass they will be able to access the folder MAIL.

What I did so far: I chaged the Cpanel/username password by: ssh passwd , this way the FTP password remained as the old one. This was a solution, because people were not able to use FTP with the Cpanel password. However, in 24h the FTP password was automatically synchonized with the Cpanel password – it became the same as cpanel password.

1. How to disable main domain ftp access for Cpanel user?
2. Maybe there is a way to disable automatic ftp password synchronization?

Thanks in advance!!!

By: max

max — Sat, 18 Nov 2006 06:25:14 +0000

Zach,
to deny non-root logins, simply ‘touch /etc/nologin’

By: nixcraft

nixcraft — Fri, 17 Nov 2006 19:13:38 +0000

Zach,

Good question.

Use /bin/false on Debian or Ubuntu Linux system. Both /sbin/nologin and /bin/false are binary file. Don’t softlink them with shell/perl script.

usermod -s /bin/false tom

By: Zach True

Zach True — Fri, 17 Nov 2006 17:38:24 +0000

On a Debian system, the nologin file does not exist. Is this a file that I can create? If so, do I stick it in /etc? Do I have to link it to a file in /sbin? Also, what should be the contents of the file?

Thanks