Date: Tue, 14 Dec 2004 11:23:54 -0500 From: Louis LeBlanc <FreeBSD@keyslapper.org> To: questions@freebsd.org Subject: Re: sftp and shell access Message-ID: <20041214162353.GA20997@keyslapper.org> In-Reply-To: <200412141011.23225.josh@tcbug.org> References: <200412141011.23225.josh@tcbug.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/14/04 10:11 AM, Josh Paetzel sat at the `puter and typed: > I am looking for a way to give a user an sftp account without giving > them a shell. So far I've tried setting their shell > to /sbin/nologin, but when they try to log in via sftp it gives them > a "message to long" error. > > Any pointers would be appreciated...I've tried the FAQ, handbook and > google so far. Can you restrict external logins from /etc/login.access? You can do it by username or group, ie. ftponly. This should do it: # Disallow logins to all in the ftponly group -:ftponly:ALL This should only affect shell logins, so ftp should still work. -- Louis LeBlanc FreeBSD@keyslapper.org Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Correspondence Corollary: An experiment may be considered a success if no more than half your data must be discarded to obtain correspondence with your theory.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041214162353.GA20997>