Date: Sat, 29 Mar 2003 02:49:44 -0500
From: David Banning
To: Michael Grant
Message-ID: <20030329024944.B16898@skytrackercanada.com>
In-Reply-To: <200303281546.h2SFkxNg085135@grant.org>; from mg-fbsd3@grant.org on Fri, Mar 28, 2003 at 10:46:59AM -0500
cc: freebsd-questions@freebsd.org
Subject: Re: restricting certain users to certain things (pam?)

On Fri, Mar 28, 2003 at 10:46:59AM -0500, Michael Grant wrote:
> I have a requirement to restrict certain users to logging in in
> certain ways. For example, some users can ftp, others can ftp, ssh,
> and get a shell, other users can relay mail using auth login.
>
> I am pretty sure I can do this through pam.conf. Has anyone actually
> done this? Can someone slide me some examples?

I have users who collect mail via pop and webmail, and other users who use ftp. I just put /sbin/nologin as their shell in the password file. This prevents them from logging in.

I have heard that rsh is insecure.