From owner-freebsd-questions  Tue Dec 19  9:56:47 2000
From owner-freebsd-questions@FreeBSD.ORG  Tue Dec 19 09:56:45 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from earth.wnm.net (earth.wnm.net [208.246.240.243])
	by hub.freebsd.org (Postfix) with ESMTP id 50E9637B400
	for <questions@FreeBSD.ORG>; Tue, 19 Dec 2000 09:56:45 -0800 (PST)
Received: from localhost (alex@localhost)
	by earth.wnm.net (8.11.0/8.11.0) with ESMTP id eBJHugM17236;
	Tue, 19 Dec 2000 11:56:42 -0600 (CST)
Date: Tue, 19 Dec 2000 11:56:42 -0600 (CST)
From: Alex Charalabidis <alex@wnm.net>
To: Nathan Vidican <webmaster@wmptl.com>
Cc: Jason Halbert <res02jw5@gte.net>, questions@FreeBSD.ORG
Subject: Re: FTP only user
In-Reply-To: <200012191759.MAA98012@mail2.wmptl.com>
Message-ID: <Pine.BSF.4.21.0012191155160.79987-100000@earth.wnm.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 19 Dec 2000, Nathan Vidican wrote:

> > I need to create a user that has very restricted access to the system.
> > I need to allow access to my ftp to a lot of people but these people
> > don't need access to telnet or ssh or any other service on my box.  I
> > would like to limit the user that way, as well as another way.  I
> > would also like to limit the user in what they can see.  Is it
> > possible to not allow the user to cd out of its home directory?  I
> > don't want them seeing anything outside of that dir if possible.
> > 
>    As far as limiting the users from being able to telnet/ssh, 
> unfortunately, (as far as I know anyhow), a user must have a valid 
> shell in order for ftpd to authenticate said user. I usually just their 
> login scripts and make them so the user cannot change them so as to log 
> them out immediately if they attempt telnet/rlogin/ssh logins.

Give them /usr/bin/false for a shell and make sure it's listed in
/etc/shells.

-ac

-- 
==============================================================
Alex Charalabidis (AC8139)            5050 Poplar Ave, Ste 170
System Administrator                         Memphis, TN 38157
WebNet Memphis                                  (901) 432 6000
Author, The Book of IRC              http://www.bookofirc.com/
==============================================================



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message