Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 May 2000 14:35:50 -0700 (PDT)
From:      Rudy Rucker <rudy@pollo.monkeybrains.net>
To:        FBSD-Q <freebsd-questions@FreeBSD.ORG>
Subject:   Re: NIS map for /etc/login.access
Message-ID:  <Pine.BSF.4.21.0005111431250.2711-100000@pollo.monkeybrains.net>
In-Reply-To: <20000511222945.A31266@gforce.johnson.home>
next in thread | previous in thread | raw e-mail | index | archive | help 

You could make the users shell be /bin/ftponly and have 'ftponly' be
something like:

 #!/bin/sh
 echo "Sorry, you are not allowed to FTP to this machine."
 echo "Contact Glenn if you have any questions."

Oh... you will need to add /bin/ftponly to your /etc/shells, unless you
are using something like 'proftpd' which allows you to not check the
/etc/shells file.  I like 'proftpd' because it has the ability to
chroot()... thus, you can hide all the directories except /home from your
users.

Rudy

On Thu, 11 May 2000, Glenn Johnson wrote:

> On Thu, May 11, 2000 at 06:16:36PM -0700, Blake Swensen wrote:
> 
> > I have a need to prevent certain clients, who need FTP access, from
> > telneting into the machines on my network.
> >
> > I have been using /etc/login.access to prohibit those users, but it is
> > a hassle to add an entry in every machine on the network.
> >
> > Have also tried to add those users to a NIS'ed group and added the
> > @groupname to login.access. Login.access must only look at the user's
> > GID, not the group file, or the NIS map for group.
> >
> > Is there a method for NIS'ifying the login.access file or a better
> > method to allow ftp access but not shell access.
> 
> You could use rdist to distribute the login.access file. It is part of
> the base FreeBSD system although I have found the rdist6 port to be more
> useful as I can use ssh for communication between hosts with it.
> 
> -- 
> Glenn Johnson
> glennpj@bayouhome.net
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005111431250.2711-100000>