From owner-freebsd-questions Fri Dec 8 14:29:38 2000 From owner-freebsd-questions@FreeBSD.ORG Fri Dec 8 14:29:36 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from everest.iowaone.net (everest.iowaone.net [12.13.110.22]) by hub.freebsd.org (Postfix) with SMTP id B9EE437B402 for ; Fri, 8 Dec 2000 14:29:35 -0800 (PST) Received: (qmail 30005 invoked from network); 8 Dec 2000 22:37:08 -0000 Received: from everest.iowaone.net (12.13.110.22) by everest.iowaone.net with SMTP; 8 Dec 2000 22:37:08 -0000 Date: Fri, 8 Dec 2000 16:37:08 -0600 (CST) From: "Nicolai L. Brown" To: Bill Paul Cc: Subject: Re: scp only In-Reply-To: <20001208202307.0CE0E37B401@hub.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 8 Dec 2000, Bill Paul wrote: > > Don't know if this is the best solution, but it will work. > > No it won't, monkeyboy. Even though the user doesn't have write access > to the files, he still owns the directory in which they reside. All > he has to do is FTP in and delete or rename them. Chown'ing the user's > home directory, would prevent this, but it might screw up other things. First of all, you flame me and you're wrong. Second of all, I don't know why someone would open FTP when they want people to use scp. Having a bad day? Don't take it out on loyal FreeBSD users. Also, if they chown'd the home directory, that would break qmail. > I would set the user's shell to /bin/false instead. I'm not sure > how sshd will react to this though. No go. What is the best solution? As I said, my suggestion may not be the best solution, but at least it works. And, you haven't proven that you can break it without enabling ftp for the user. Nicolai > -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message