shell /bin/false allowing SFTP access [Ubuntu 12.04]

linux ubuntu user-permissions

I have a Linux installation (Ubuntu 12.04), managed not only by me. I had restricted SSH access to a user using 

/usr/sbin/usermod -s /bin/false my_user

This didn't allow neither SFTP access nor console access.

However today, I found out that users with this shell, do have SFTP access and I'm very sure they didn't have access in the past.

Could there be a config change which is allowing this? Unfortunately, I can't contact any of the others guys to see if any accidental changes were made.


It could be that you have 

Subsystem       sftp    internal-sftp

and/or

Match Group sftpusers
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTcpForwarding no

or 

 Match User username
   ChrootDirectory %h
   ForceCommand internal-sftp

configured which will allow users sftp access even if they have a /bin/false shell. If you didn't set this up you could always audit the /var/log/audit.log etc to see who did it by looking for who made edits (everyone does use sudo don't they) to /etc/ssh/sshd_config and restarted the sshd service.

Related

Using DynamoDB for logging user activity
High Tq values for HAProxy
Should I use swap in KVM guest?
Microsoft CA certificate templates expires sooner than expected
AirPlay over unicast DNS-SD. Anyone got it working?
Why is visudo saying there's a syntax error?
tomcat6 on CentOS 6: cannot stop/restart service
Headset for phone calls in the datacenter
How do I prevent IIS 8 from stopping idle ASP.NET applications?
error reading keytab file krb5.keytab
iptables to drop for a while IPs with recently failed connections
SSL, CNAME, and multiple domains