Date: Tue, 19 Sep 1995 13:40:03 +0200
From: Rob Simons <rob@Simplex.NL>
To: questions@freebsd.org
Subject: Re: POP Mailboxes
Message-ID: <199509191140.NAA00882@Simplex.NL>
Cc: shorty@iii.net

| >On Fri, 15 Sep 1995 bmk@dtr.com wrote:
|
| >> The same way you set up a "normal" mailbox. popper simply reads the
| >> user's mail out of the mail spool.
| >
| >Which means if you don't want them to have logon accounts, you'll want to
| >set their shell to /bin/false and their home directories to /tmp. Never
| >done it on my FreeBSD machine, but I suspect this also means that you'll
| >need to add /bin/false to /etc/shells.
|
| Errmm.. Well, you could I spose, but if you leave it out, even if someone
| manages to put a copy of csh called false in the bin directory, he will
| still be denied access on the grounds of an invalid shell..

Well, as root you can specify any shell you like, no matter if it's in
the /etc/shells file or not. When the user logs on, he or she will just
get the shell you specified, not access denied on grounds of a false shell.

It's indeed better to set the shell at something that *does* exist, e.g.
point it at /bin/sync or a home made shell which states "access denied on
these grounds: blah".

Don't ever put the shell you give them in /etc/shells, because then they
will have ftp access to your system. ftpd checks /etc/shells for valid
shells. :-)

My /usr/local/bin/xsh is as follows:

/*
 * stupid shell for users who are kicked off the system.
 * 940724 - Rob.
 */

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
        printf("\n\n\tYou are denied access to this system, please contact\n");
        printf("\tyour local system administrator for details.\n\n");

        /* In your case I might add: */
        printf("\tYou can only use the pop (email) server on this machine.\n");
        /* end addition */

        exit(0);

        /* obviously we won't get this far. */
        return 0;
}

Compile it with 'cc -o xsh xsh.c' and move or copy it to /usr/local/bin,
point the user's shell to it, and make sure it's executable!
'chmod 111 /usr/local/bin/xsh'. Or any other combination of access and
rights you prefer.

- Rob.
/*--------------------------------------------------------------*\
/* Rob Simons                     | rob@simplex.nl              *\
/* ------------ | ------------- | -------- | -------            *\
/* Novell Netware System Operator | UNIX system operator        *\
/*--------------------------------------------------------------*\
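
A check for the /etc/shells point made in the message above, as an added example that is not part of the original e-mail: it lists accounts whose restricted shell also appears in the shells file that ftpd consults. The function names, sample accounts and file contents are constructed for illustration, and it assumes the 7-field passwd layout with the login shell in field 7.

```shell
#!/bin/sh
# Added example (not from the original message). Reports accounts whose
# restricted shell is also listed in the shells file that ftpd consults.
# usage: audit_restricted_shells PASSWD_FILE SHELLS_FILE RESTRICTED_SHELL...
audit_restricted_shells() {
    passwd_file=$1
    shells_file=$2
    shift 2
    awk -F: -v shells_file="$shells_file" -v restricted="$*" '
        BEGIN {
            n = split(restricted, r, " ")
            for (i = 1; i <= n; i++) restricted_set[r[i]] = 1
            # Load the shells list, ignoring comments and blank lines.
            while ((getline line < shells_file) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") listed[line] = 1
            }
            close(shells_file)
        }
        /^#/ || NF < 7 { next }          # skip comments and short records
        ($7 in restricted_set) && ($7 in listed) { print $1 ":" $7 }
    ' "$passwd_file"
}

# Constructed sample data: two POP-only users, one ordinary user.
run_constructed_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
alice:*:1001:1001:POP only:/tmp:/usr/local/bin/xsh
bob:*:1002:1002:POP only:/tmp:/bin/sync
carol:*:1003:1003:Shell user:/home/carol:/bin/csh
EOF
    cat > "$dir/shells" <<'EOF'
# constructed shells file; /bin/sync was added by mistake
/bin/sh
/bin/csh
/bin/sync
EOF
    audit_restricted_shells "$dir/passwd" "$dir/shells" \
        /usr/local/bin/xsh /bin/sync /bin/false
    rm -rf "$dir"
}

run_constructed_sample
```

Each output line is user:shell for an account that needs either a different shell or that shell removed from the shells file; no output means no restricted shell is listed.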