Date: Wed, 5 Dec 2001 19:48:54 -0600 From: "Scott Gerhardt" <scott@gerhardt-it.com> To: "FreeBSD" <freebsd-questions@FreeBSD.ORG> Subject: Security Users and Groups Message-ID: <KPEMLBLEMPMHGLJOCDEGEEAKDCAA.scott@gerhardt-it.com>
next in thread | raw e-mail | index | archive | help
Is there a preferred User/Group configuration for FTP only and POP3 only Webclients? Here is what I have done so far: To chroot FTP users, I have added "@webclient" to /etc/ftpchroot. To restrict Logins I have added the following to /etc/login.access: -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel staff:ALL To deny FTP access to POP3 users I have added "@popclient" to /etc/ftpusers. All FTP and POP users are given nologin as their shell. Yes this is rRedundant since login.access takes care of this already but you can't be too safe. QUESTION: Which is the best scenario for setting users group parameters?: 1.) create each user as their own unique group (typical default) and make them a member of webclient or pop client as required. 2.) make their login group = webclient or pop client as required. To me it seems that #1 would be a better model with finer granularity and that #2 will make the group file much smaller but with less control. _________________________________ Scott Gerhardt, P.Geo. Gerhardt Information Technologies _________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KPEMLBLEMPMHGLJOCDEGEEAKDCAA.scott>