[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Disallowing root FTP logins

I want root to be able to be able to ftp login via ftp to localhost
but *only* from terminals listed in /etc/securetty. Can't I do this by
allowing root to login by removing root from /etc/ftpusers and then
disallowing ftp logins from tty's not listed in /etc/securetty?

In order to prevent logins by illegitimate ftp users I need to

auth       required     /lib/security/pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed

Of course if root is left out if /etc/ftpusers (so root *can* use ftp) then root
is able to do remote ftp logins from remote terminals (which is bad
;-) so I add this line to /etc/pam.d/ftp

However if I add this securetty line to /etc/pam.d/ftp then *no-one*
can do ftp login remotely.

auth      required  /lib/security/pam_securetty.so

I thought securetty was only supposed to effect root?

Has anyone done this?  What I want is to login as root and open files
with angeftp/efs in emacs but only from a local terminal --- hopefully
with out effecting other user's abilities to ftp login from remote
locations ;-)


Graham Todd
York University
Toronto, Ontario

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []