From owner-freebsd-security Sat Jan 15 14:57:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from revelex.com (revelex.com [207.61.176.194]) by hub.freebsd.org (Postfix) with ESMTP id 0554615130 for ; Sat, 15 Jan 2000 14:57:08 -0800 (PST) (envelope-from jonf@revelex.com) Received: from localhost (jonf@localhost) by revelex.com (8.9.3/8.9.3) with ESMTP id RAA07304; Sat, 15 Jan 2000 17:52:27 -0500 (EST) Date: Sat, 15 Jan 2000 17:52:27 -0500 (EST) From: Jonathan Fortin To: cjclark@home.com Cc: Dan Harnett , Nicholas Brawn , freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. In-Reply-To: <200001152233.RAA53004@cc942873-a.ewndsr1.nj.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, You could also set the users shell to /bin/false and add it in /etc/shells and use the -m option. jonf@revelex.com On Sat, 15 Jan 2000, Crist J. Clark wrote: > Dan Harnett wrote, > > Hello, > > > > You could also set this particular user's shell to /sbin/nologin and make the > > others use the -m option to su. > > But if you do this, remember, > > -m Leave the environment unmodified. The invoked shell is your lo- > gin shell, and no directory changes are made. As a security pre- > caution, if the target user's shell is a non-standard shell (as > defined by getusershell(3)) and the caller's real uid is non-ze- > ro, su will fail. > > You have to add '/sbin/nologin' to /etc/shells. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message