Date:      Fri, 21 Feb 2003 08:10:12 -0500
From:      Jim Trigg <jtrigg@spamcop.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ftp users - question
Message-ID:  <20030221131012.GA27265@michaelines.net>
In-Reply-To: <20030221055951.GA96171@raggedclown.net>
References:  <005d01c2d92d$8d70c990$0701a8c0@darryl> <20030220231312.GA66761@grimoire.chen.org.nz> <20030221055951.GA96171@raggedclown.net>

On Fri, Feb 21, 2003 at 06:59:51AM +0100, Cliff Sarginson wrote:
> On Fri, Feb 21, 2003 at 12:13:12PM +1300, Jonathan Chen wrote:
> > On Thu, Feb 20, 2003 at 04:15:18PM -0600, Darryl Hoar wrote:
> > > Greetings,
> > > I have a machine setup running 4.7 - stable.  It is an internal machine.
> > > How do I set up a user (so they can upload with ftp) but can't login at
> > > the shell ?  Is this possible ?
> > 
> > Set up the users with a non-existent shell (eg: /nonexistent), and add
> > the non-existent shell entry into /etc/shells.
> 
> Conventionally such users would be given a shell of "/sbin/nologin", which
> must also be added into the list contained in "/etc/shells".
> The program "/sbin/nologin" already exists, so no need to create it.

As an added measure of security, I'd advise making a link of /sbin/nologin
called /sbin/ftponly and adding that to /etc/shells instead of nologin.
That way, system accounts that shouldn't be able to be logged in through
ftp either can still have the shell /sbin/nologin.  Users that should
only be able to access the system through FTP get the shell /sbin/ftponly.
It also makes the passwd file more understandable.

Jim Trigg
-- 
Jim Trigg, Lord High Everything Else  O-          /"\
                                                  \ /  ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website                X    HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel         / \
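
The following audit script is an added example, not part of the original message. It classifies accounts by login shell under the thread's premise that ftpd accepts only accounts whose shell is listed in /etc/shells. The function name, the class labels and the sample data are constructed for illustration; the input is assumed to be in the 7-field passwd(5) format.

```sh
#!/bin/sh
# Usage: classify_accounts PASSWD_FILE SHELLS_FILE
# Prints "user class" per account, where class is one of:
#   interactive  shell is listed and is a real shell
#   ftp-only     shell is /sbin/ftponly and is listed
#   ftp-exposed  shell is /sbin/nologin and nologin is listed, so an
#                account meant to have no access would pass the shell check
#   blocked      shell is not listed, so the shell check fails
classify_accounts() {
    awk -F: '
        FILENAME == ARGV[1] {            # first file: the shells list
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") listed[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (!(shell in listed))            class = "blocked"
            else if (shell == "/sbin/ftponly") class = "ftp-only"
            else if (shell == "/sbin/nologin") class = "ftp-exposed"
            else                               class = "interactive"
            print $1, class
        }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real system.
    cat > "$dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
upload:*:1001:1001:FTP upload account:/home/upload:/sbin/ftponly
EOF
    printf '%s\n' /bin/sh /bin/csh /sbin/ftponly > "$dir/shells.good"
    printf '%s\n' /bin/sh /bin/csh /sbin/nologin > "$dir/shells.bad"
    echo "== /sbin/ftponly listed, /sbin/nologin not listed =="
    classify_accounts "$dir/passwd" "$dir/shells.good"
    echo "== /sbin/nologin listed =="
    classify_accounts "$dir/passwd" "$dir/shells.bad"
    rm -rf "$dir"
}
demo
```

On a live system the call would be `classify_accounts /etc/passwd /etc/shells`; any `ftp-exposed` line marks an account to review.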
