Date: Thu, 11 May 2000 14:35:50 -0700 (PDT) From: Rudy Rucker <rudy@pollo.monkeybrains.net> To: FBSD-Q <freebsd-questions@FreeBSD.ORG> Subject: Re: NIS map for /etc/login.access Message-ID: <Pine.BSF.4.21.0005111431250.2711-100000@pollo.monkeybrains.net> In-Reply-To: <20000511222945.A31266@gforce.johnson.home>
next in thread | previous in thread | raw e-mail | index | archive | help
You could make the users shell be /bin/ftponly and have 'ftponly' be something like: #!/bin/sh echo "Sorry, you are not allowed to FTP to this machine." echo "Contact Glenn if you have any questions." Oh... you will need to add /bin/ftponly to your /etc/shells, unless you are using something like 'proftpd' which allows you to not check the /etc/shells file. I like 'proftpd' because it has the ability to chroot()... thus, you can hide all the directories except /home from your users. Rudy On Thu, 11 May 2000, Glenn Johnson wrote: > On Thu, May 11, 2000 at 06:16:36PM -0700, Blake Swensen wrote: > > > I have a need to prevent certain clients, who need FTP access, from > > telneting into the machines on my network. > > > > I have been using /etc/login.access to prohibit those users, but it is > > a hassle to add an entry in every machine on the network. > > > > Have also tried to add those users to a NIS'ed group and added the > > @groupname to login.access. Login.access must only look at the user's > > GID, not the group file, or the NIS map for group. > > > > Is there a method for NIS'ifying the login.access file or a better > > method to allow ftp access but not shell access. > > You could use rdist to distribute the login.access file. It is part of > the base FreeBSD system although I have found the rdist6 port to be more > useful as I can use ssh for communication between hosts with it. > > -- > Glenn Johnson > glennpj@bayouhome.net > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005111431250.2711-100000>