[lug] LAMP FTP setup

George Sexton gsexton at mhsoftware.com
Tue Jun 5 22:12:41 MDT 2007

As has been beaten to death here, FTP is brain dead. There are plenty of 
free SSH clients, including Windows ones. Make them use SSH.

Create a file named sftponly in the /bin directory and put this script 
in it. Finally, add sftponly to /etc/shells and make it their shell. 
This will prevent the users from using interactive SSH.


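#!/bin/sh
# sftponly shell

# Shell arguments must be -c /opt/ssh/libexec/sftp-server echo $1 >> 

# sshd runs the login shell as: sftponly -c "<command>". Anything other
# than the sftp-server request is logged and refused.
if [ "$1" != "-c" ] || [ "$2" != "/usr/lib/ssh/sftp-server" ]; then
    logger -p authpriv.warning "SSHD: interactive login attempted by $USER"
    echo "Error: sftpshell only runs the sftp-server program."
    exit 1
fi

# Drop "-c" and the command string, then hand over to sftp-server.
shift 2
/usr/lib/ssh/sftp-server "$@"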

karl horlen wrote:
> i'm wondering what the safest / best way is to allow
> different site owners to be allowed ftp access to
> their own virtual host directory (or related directory
> aliased into their virtual host directory) on a lamp
> web server.
> i'm trying to avoid giving the users system accounts
> to make this work but i don't think that's possible.
> anybody have a bulletproof approach?
> thanks

George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL:   http://www.mhsoftware.com/
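
Added example, not part of the original message: the wrapper's argument test written as a function and run over constructed invocations, to show which requests it admits and which it refuses. The function names, the argument-count check and the sample invocations are assumptions for illustration; the sftp-server path is the one the script in the message checks for.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumption: sftp-server lives at the path the script in the message checks for.
SFTP_SERVER=/usr/lib/ssh/sftp-server

# sshd starts the account's shell with no arguments for an interactive login,
# and as  <shell> -c "<command string>"  for exec and subsystem requests.
# Same comparison as the wrapper, plus an argument-count check.
# Prints allow/deny and returns 0/1.
sftponly_decide() {
    if [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]; then
        echo allow
        return 0
    fi
    echo deny
    return 1
}

# show LABEL [ARGV...]: print the verdict for one constructed invocation.
show() {
    label=$1
    shift
    printf '%-34s %s\n' "$label" "$(sftponly_decide "$@")"
}

# Constructed invocations, as the login shell would receive them.
show "sftp subsystem request"        -c "$SFTP_SERVER"
show "interactive login"
show "remote command (ssh host ls)"  -c "ls -la"
show "scp upload"                    -c "scp -t ."
# Exact match, not prefix match: a command appended after the path is refused.
show "path with appended command"    -c "$SFTP_SERVER; id"
# Caveat: options on the Subsystem line in sshd_config change the string,
# so the wrapper would then refuse legitimate SFTP sessions too.
show "sftp-server with options"      -c "$SFTP_SERVER -l INFO"
```

Only the first invocation is allowed; the last case is the one to check against the Subsystem line of the server's sshd_config before deploying the wrapper.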
