Date: 26 Oct 2002 12:33:47 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com> To: freebsd-questions@freebsd.org Subject: Re: Setting permissions for a user Message-ID: <44n0p1f9ck.fsf@be-well.ilk.org> In-Reply-To: <Pine.GSO.4.44L-027.0210261227210.3778-100000@unix3.andrew.cmu.edu> References: <Pine.GSO.4.44L-027.0210261227210.3778-100000@unix3.andrew.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam Bender <abender@andrew.cmu.edu> writes: > On 26 Oct 2002, Lowell Gilbert wrote: > > > Adam Bender <abender@andrew.cmu.edu> writes: > > > > > I would like to create an account to be used for FTP. Since the password > > > will be known by a couple people / could be sniffed since it's not sftp, I > > > would obviously like to limit the powers of this user as much as possible. > > > Specifically, I would like it to be able to create and read files in it's > > > own directory, and that's it. No execution capabilities, unable to read > > > files not in its directory, etc. What's the best way to do this? > > > > Chroot it within ftp (read the ftpd man page, natch) and give the > > account an invalid shell. > > > > Thanks for the help. Does this mean I should add /nonexistent to > /etc/shells, since ftpd will not allow a user to connect who is not using > a shell in that file? Sort of. I'd recommend doing that with a different shell name, not one already used for other accounts. I shouldn't have used the term "invalid" shell, but you seem to have gotten the right idea anyway. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44n0p1f9ck.fsf>