From owner-freebsd-security Tue Feb 27 14:55:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id 6F78D37B71B for ; Tue, 27 Feb 2001 14:55:29 -0800 (PST) (envelope-from brdavis@odin.ac.hmc.edu) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id f1RMtCi20321; Tue, 27 Feb 2001 14:55:12 -0800 Date: Tue, 27 Feb 2001 14:55:12 -0800 From: Brooks Davis To: Rob Simmons Cc: George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG Subject: Re: ftp access Message-ID: <20010227145512.A13920@Odin.AC.HMC.Edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd" Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from rsimmons@wlcg.com on Tue, Feb 27, 2001 at 05:38:58PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 27, 2001 at 05:38:58PM -0500, Rob Simmons wrote: > /sbin/nologin as the user's shell. You also have to add this shell to > /etc/shells If you do this be sure to keep users from being able to access the system via ssh. Otherwise they can just use ssh to spawn a shell for themselves: ssh -t /bin/sh -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6nDBPXY6L6fI4GtQRAnBXAJ4/tzKot7bBL6yX4lCwWvaDl+w7/wCg1s/g 6gcs33Qyb7kKHw06b16JC+c= =f9fi -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message