Date:      Thu, 1 Mar 2001 10:01:44 -0700
From:      Aaron D.Gifford <agifford@infowest.com>
To:        freebsd-security@freebsd.org
Subject:   RE: ftp access
Message-ID:  <01030110014400.06418@jardan.infowest.com>

I would caution folks from putting /sbin/nologin into /etc/shells in order to 
create FTP-only accounts.  I would instead suggest you create a link to 
/sbin/nologin and call it something like /sbin/ftponly and put THAT shell in 
your /etc/shells file and use it as the shell for your FTP-only users.

Why?  This gives you the ability to have FTP-only users yet retain the full 
functionality of /sbin/nologin on other accounts (i.e. a mail-only account) 
that you DON'T want to grant FTP access to.

Also if you're running SSH on the FTP server and you do NOT want your FTP 
users to be able to do port forwarding (it can be dangerous to allow unless 
you trust your FTP users greatly and trust that their cleartext passwords 
won't traverse an untrusted network) you should probably disable it in your 
sshd_config file.

Aaron out.
-- 
www.aarongifford.com
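
An added example, not part of the original message: a small audit script showing why listing /sbin/nologin in /etc/shells widens FTP access while a dedicated /sbin/ftponly entry does not. It assumes an ftpd that only admits users whose shell appears in /etc/shells; the account names, file contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes an ftpd that, like
# FreeBSD's, only admits users whose shell is listed in /etc/shells.

# Print entries of a shells(5)-style file, without comments or blank lines.
listed_shells() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print login names in a passwd(5)-style file ($1) whose shell is in $2.
ftp_eligible() {
    while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
        case "$name" in ''|'#'*) continue ;; esac
        [ -n "$shell" ] || shell=/bin/sh      # empty field means /bin/sh
        listed_shells "$2" | grep -Fxq -- "$shell" && echo "$name"
    done < "$1"
    return 0
}

# Succeeds when /sbin/nologin itself is listed, i.e. every nologin account
# (mail-only ones included) passes the ftpd shell check.
nologin_listed() {
    listed_shells "$1" | grep -Fxq -- /sbin/nologin
}

# Build constructed sample files where the FTP-only user has shell $1 and
# that shell is listed; print the FTP-eligible users on one line.
scenario() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<EOF
alice:*:1001:1001:Alice:/home/alice:/bin/sh
ftpbob:*:1002:1002:FTP only:/home/ftpbob:$1
mailcarol:*:1003:1003:Mail only:/home/mailcarol:/sbin/nologin
EOF
    printf '%s\n' '# constructed shells file' /bin/sh "$1" > "$d/shells"
    nologin_listed "$d/shells" && echo "WARNING: /sbin/nologin is listed" >&2
    ftp_eligible "$d/passwd" "$d/shells" | xargs
    rm -rf "$d"
}

echo "nologin listed: $(scenario /sbin/nologin)"   # mail-only user gets FTP
echo "ftponly listed: $(scenario /sbin/ftponly)"   # only alice and ftpbob
```

On a real host, ftp_eligible can be pointed at /etc/passwd and /etc/shells directly to list the accounts that pass the shell check.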

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01030110014400.06418>