Where is this option Custom Shell with FTP only, or SCP only , gone or howto get it in the GUI

4 posts / 0 new
Last post
#1 Tue, 10/10/2017 - 08:14
Jfro

Where is this option Custom Shell with FTP only, or SCP only , gone or howto get it in the GUI

Cant find or edit the SCP only part in customshell virtualmin 6.01 centos7.4.

So these settings are not there [FTP only], yes [scp only] no cant' find that scp only https://www.virtualmin.com/node/24954#comment-form

Goal is to get something likes this http://www.linuxandubuntu.com/home/how-to-configure-sftp-server-on-centos

https://www.unixmen.com/configure-sftp-chroot-rhel-centos-7/

with then a ChrootDirectory /sftp/%u for example.

SFTP with /bin/bash is working ofcourse with /usr/sbin/nologin programms as winscp aren't.

So i thought to do it with a ChrootDirectory but can't find that option, also can't create a extra customshell in the GUI is greyed out..

So i must have missed something sorry.

?

SSH port nr is customized here, CSF running ok with that port

Wed, 10/11/2017 - 05:57
Joe
Joe's picture

scponly is gone, intentionally. It wasn't really the sort of limited shell people wanted and it's barely maintained upstream. We have enabled SFTP (FTP over SSH protocol) on port 2222 for folks who want a limited ssh login type, and we've also added support for SSH chroot jails (but I recommend SFTP for really low-trust users for a variety of reasons).

But, I see that something has indeed gone wrong somewhere with the shell options. For some reason we are no longer offering FTP-only in the default install (maybe just on some systems). I'll try to sort out why today.

You can make the FTP-only login option available again by editing System Customization->Custom Shells changing it from Virtuamin defaults to Custom Shells below and check the Enabled box for the /bin/false shell. This will provide an Email and FTP login type for domain owner users. FTP is, by default, chrooted to the users home in any system installed with the Virtualmin 6.0.x install.sh

--

Check out the forum guidelines!

Wed, 10/11/2017 - 07:22
Jfro

OK Joe you mean do use sftp for low-trust users with this?: (but I recommend SFTP for really low-trust users for a variety of reasons).

or don't

Wed, 10/11/2017 - 07:25 (Reply to #3)
Joe
Joe's picture

Yes, if you have users that you want to be very restricted in what they can do, give them only FTP access (which includes SFTP onm port 2222, and FTPS/FTP on port 20/21 on a VM6 system). FTP is restricted to the user's home, by default, and they won't be able to run commands on the system. They can only copy files onto the system. They can also perform file operations in File Manager (by default).

--

Check out the forum guidelines!