From: Jerry McAllister
Message-Id: <200605301352.k4UDqlcg003756@clunix.cl.msu.edu>
To: beech@alaskaparadise.com (Beech Rintoul)
Cc: freebsd-questions@freebsd.org, Marwan Sultan
Date: Tue, 30 May 2006 09:52:47 -0400 (EDT)
In-Reply-To: <200605300149.00925.beech@alaskaparadise.com>
Subject: Re: User Access restriction.

> On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote:
> > Marwan Sultan wrote:
> > > Hello,
> > >
> > > Yes, I understand that to lock up a user from navigating outside their
> > > home directories through ftp, I simply can add them to /etc/ftpchroot
> > > and when a user connects it won't allow him to go any level higher
> > > than his Home Directory.
> > > No need for proftpd as additional port, because the base system will do
> > > it through /etc/ftpchroot
> > >
> > > BUT!!
> > > The user can connect through SSH and navigate.
> > > Here is where my information stops.
> > > 2 questions,
> > > 1) How do I have a list from few users to disallow them using SSH?
> > > Is there anywhere I add a user to disallow him from using SSH?
>
> You can define /usr/sbin/nologin as their shell, that will prevent all shell
> logins for that user. But AFAIK the stock ftp will not work without shell
> access. You will need to use something like proftpd if you go that route.

It has been a long time since I played with it (years) but I think
exactly what you suggest here will work as the poster wants. Of course,
nologin or its equivalent needs to be listed in /etc/shells.

////jerry

>
> Beech
>
> > man sshd_config
> >
> > and see AllowUsers/DenyUsers sections.
> >
> > > 2) If I want to lock the user through his SSH session not FTP session
> > > what's the way?
> > > Is jail the only way? No easier way? chroot can do it? How if yes? Or
> > > what's the alternatives?
> > >
> > > Thank you guys for following up with me.
> > >
> > > Marwan
> >
> > Cheers,
> > Mikhail.
>
> --
> ---------------------------------------------------------------------------------------
> Beech Rintoul - Sys. Administrator - beech@alaskaparadise.com
> /"\   ASCII Ribbon Campaign  | Alaska Paradise
> \ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
>  X  - NO Word docs in e-mail | Anchorage, AK 99501
> / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
> ---------------------------------------------------------------------------------------
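
An added example, not part of the original messages: a small sh audit that reports, per account, the settings this thread discusses (login shell, /etc/shells, /etc/ftpchroot, and DenyUsers in sshd_config). The function names, the temporary directory layout and all file contents are constructed for illustration; it reads stand-in files rather than the live system files.

```sh
#!/bin/sh
# Added example. Every file written by make_sample is constructed sample data.

make_sample() {  # write stand-ins for the four files into directory $1
    d=$1
    printf '%s\n' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:1002:Bob:/home/bob:/usr/sbin/nologin' \
        'carol:*:1003:1003:Carol:/home/carol:/sbin/nologin' > "$d/passwd"
    printf '%s\n' '/bin/sh' '/bin/csh' '/usr/sbin/nologin' > "$d/shells"
    printf '%s\n' '# accounts ftpd confines to their home' 'alice' 'bob' > "$d/ftpchroot"
    printf '%s\n' 'Port 22' 'DenyUsers alice mallory' > "$d/sshd_config"
}

audit_user() {  # usage: audit_user USER DIR; prints one summary line
    user=$1 d=$2
    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$d/passwd")
    [ -n "$shell" ] || { echo "$user: no such account"; return 1; }

    # A nologin shell refuses interactive logins.
    case $shell in
        */nologin) shell_login=no ;;
        *)         shell_login=yes ;;
    esac

    # The thread's point: the shell, nologin included, must be in /etc/shells.
    if grep -Fxq "$shell" "$d/shells"; then ftp_shell_ok=yes; else ftp_shell_ok=no; fi

    # ftpchroot: first field is the account name ('@group' entries not handled).
    if awk -v u="$user" '$1 == u { hit = 1 } END { exit !hit }' "$d/ftpchroot"
    then ftp_chroot=yes; else ftp_chroot=no; fi

    # DenyUsers: literal names only; sshd also accepts patterns and USER@HOST.
    if awk -v u="$user" 'tolower($1) == "denyusers" {
            for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
        END { exit !hit }' "$d/sshd_config"
    then ssh_denied=yes; else ssh_denied=no; fi

    echo "$user: shell_login=$shell_login ssh_denied=$ssh_denied" \
         "ftp_shell_ok=$ftp_shell_ok ftp_chroot=$ftp_chroot"
}

tmp=$(mktemp -d) && make_sample "$tmp"
for u in alice bob carol; do audit_user "$u" "$tmp"; done
rm -rf "$tmp"
```

The carol row is the case Jerry's reply warns about: a nologin shell that is not listed in the shells file, so the FTP check fails even though shell logins are blocked.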