From owner-freebsd-security Tue Feb 27 14:40:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from virtual-voodoo.com (virtual-voodoo.com [204.120.165.254]) by hub.freebsd.org (Postfix) with ESMTP id 56E7237B718 for ; Tue, 27 Feb 2001 14:40:45 -0800 (PST) (envelope-from steve@virtual-voodoo.com) Received: (from steve@localhost) by virtual-voodoo.com (8.11.2/8.11.1) id f1RMdNX15654; Tue, 27 Feb 2001 17:39:23 -0500 (EST) (envelope-from steve) Date: Tue, 27 Feb 2001 17:39:23 -0500 From: Steve Ames To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: ftp access Message-ID: <20010227173923.A36303@virtual-voodoo.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from George.Giles@mcmail.vanderbilt.edu on Tue, Feb 27, 2001 at 04:22:33PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Specify a "shell" that won't actually allow shell access. I believe /bin/true (or /sbin/nologin) would work but there are some specific ports that you can use to provide some info to the user when their telnet fails... From /usr/ports/sysutils/no-login/pkg-descr: This program will refuse login to a user, and make a note of it in the system logs (syslog). This is suitable for use as a "login shell" for a user that you want to temporarily deny access to. Just set that user's shell to /usr/local/sbin/nologin. -Steve On Tue, Feb 27, 2001 at 04:22:33PM -0600, George.Giles@mcmail.vanderbilt.edu wrote: > What do I use in passwd to allow ftp, but not shell access on account ? > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message