pure-ftpd disable system users?

[Red Squirrel]

How can I disable all system users from accessing the ftp? all I want is an ftp server where I set users myself, and not one that uses system users, which is a huge security risk as I'm new to linux and there's probably tons of system users and stuff by default which would be attack points.

So all I want to use is the virtual users. But curently virtual users arn't working. I can't do /configure --with-virtual-users (or whatever the parameter is) because I use apt-get.

Also this install has no configuration file, there's a conf directory with a few files in it but all the files are is like "yes" or some other small word, there's no actual config file.

So how do I get pureftpd running the way I want?

 

[n0cmonkey]

ftpusers might help.

For system users, don't give them a real shell. Set it to /bin/nologin or false or something like that. If they don't have a shell, they can't do a whole lot. Also, there is a way to ban/allow users from accessing OpenSSH, so block them in there as well as not giving them a real shell to further restrict their access.

 

[Red Squirrel]

I can do that for users I know, but there's still tons of system users that come premade with the install, those I don't know about, I just know they're there, so that's the ones that worry me most, as I'm sure someone who knows what they're doing can hack in this way. Only reason I want security very tight is because I'll be forwarding the ftp port to this server to use it online. So easier to just disable letting system users log in generally (through the ftp program) then messing with each user individually.

If it's not possible is there another ftp server I can get that lets me do that? There will be like 2 users, so I don't want it to even look in /etc/passwd, but rather my own database.

 

[n0cmonkey]

There should be an /etc/ftpusers file or something that lets you limit which users can use ftp.

 

[Red Squirrel]

That's not an option thoguh I need to disable it 100%. So if I add another system user I don't have to touch ftp. But that said, it does not look like there's a way I googled and there was like 3 results and it was one of those crappy non formatted forums which I can never figure out where to click to get the replies.

So I uninstalled it, well apt-get did not really do a good job so it's still on the system somewhere as it's still working... so that said any other ftp servers that I can use which support virtual users + the ability to disable completely reading of /etc/passwd users?

 

[nweaver]

groupadd ftplockdown
add your user to ftplockdown and no others, the ftp conf should give an option to specify the group.