Date: Wed, 21 Mar 2001 12:56:27 -0800 (PST) From: Tyler McGeorge <millioncheese@yahoo.com> To: SF <lists@stevenfettig.com>, Freebsd-Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Users for Daemons - not logging in - how? Message-ID: <20010321205627.78101.qmail@web12505.mail.yahoo.com> In-Reply-To: <LOBBKFILCMGGNDCBBCELIEJJDOAA.lists@stevenfettig.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Make the login shell /bin/no (I believe). Not sure, I still haven't weened myself from adduser script. If you use the adduser script, it will have a no or noshell option for their login shell. This prevents console/telnet/ssh login, but will still allow FTP. And the user will be valid, so you will be able to run services with it. I believe there a default daemon user, but I am unsure as to it's intent. Best of luck, Tyler McGeorge --- SF <lists@stevenfettig.com> wrote: > I'm trying to set up users for running specific > service daemons, but I don't > want someone to be able to use that user to log into > the machine via ssh > (which is the only way to log into the machine > remotely) or the console. I > searched through the mail list and couldn't find the > answer, but apologize > if this has been asked before. Would I be correct > in doing something > similar to what one does when installing qmail? > I.e.: > > pw groupadd daemongrp > pw useradd daemon1 -g daemongrp -d /var/daemondir -s > /nonexistent > > &tc... > > I guess I'm looking for a fairly secure way of > adding groups and users that > won't open me up to possible attacks. Any > suggestions are welcome. > > TIA, > SF > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of > the message > > > __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010321205627.78101.qmail>