From: Beech Rintoul
Organization: Alaska Paradise
To: freebsd-questions@freebsd.org
Cc: Marwan Sultan
Subject: Re: User Access restriction.
Date: Tue, 30 May 2006 01:48:42 -0800

On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote:
> Marwan Sultan wrote:
> > Hello,
> >
> > Yes, I understand that to lock up a user from navigating outside their
> > home directories through ftp, I simply can add them to /etc/ftpchroot
> > and when a user connects it won't allow him to go any level higher
> > than his home directory.
> > No need for proftpd as an additional port, because the base system will
> > do it through /etc/ftpchroot
> >
> > BUT!!
> > The user can connect through SSH and navigate,
> > Here is where my information stops,
> > 2 questions,
> > 1) How do I have a list from few users to disallow them using SSH?
> > Is there anywhere I add a user to disallow him from using SSH?

You can define /usr/sbin/nologin as their shell; that will prevent all shell
logins for that user. But AFAIK the stock ftp will not work without shell
access. You will need to use something like proftpd if you go that route.

Beech

>
> man sshd_config
>
> and see AllowUsers/DenyUsers sections.
>
> > 2) If I want to lock the user through his SSH session not FTP session
> > what's the way?
> > Is jail the only way? No easier way? chroot can do it? How if yes? Or
> > what's the alternatives?
> >
> > Thank you guys for following up with me.
> >
> > Marwan
>
> Cheers,
> Mikhail.

-- 
---------------------------------------------------------------------------
Beech Rintoul - Sys. Administrator - beech@alaskaparadise.com
/"\   ASCII Ribbon Campaign  | Alaska Paradise
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
---------------------------------------------------------------------------
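
The thread names two different controls: a nologin shell, and AllowUsers/DenyUsers in sshd_config. The sh script below is an added example, not part of the original messages; it audits accounts against both, showing that a nologin account is still authenticated by sshd while a DenyUsers match is refused outright. The sample config, account names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Covers DenyUsers/AllowUsers only
# (no DenyGroups/AllowGroups, Match blocks or "!" negation).
# Constructed sample data: sshd_config fragment and passwd(5)-format lines.
SAMPLE_CONFIG='# constructed sample
Port 22
DenyUsers ftp-alice web*
#DenyUsers carol'
SAMPLE_PASSWD='ftp-alice:*:1001:1001:Alice:/home/ftp-alice:/bin/sh
webupload:*:1002:1002:Upload:/home/webupload:/bin/csh
bob:*:1003:1003:Bob:/home/bob:/usr/sbin/nologin
carol:*:1004:1004:Carol:/home/carol:/bin/tcsh'

# directive KEYWORD CONFIG_TEXT -> each argument of KEYWORD, one per line.
# Keywords are case-insensitive and may repeat; commented lines never match.
directive() {
    printf '%s\n' "$2" | awk -v k="$1" \
        'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }'
}

# matches USER PATTERN... -> 0 if USER matches a pattern ("*", "?" wildcards).
# Assumption: USER@HOST entries are compared on the USER part only.
matches() {
    u=$1; shift
    for p in "$@"; do
        case $u in ${p%%@*}) return 0 ;; esac
    done
    return 1
}

# ssh_verdict USER SHELL CONFIG_TEXT -> one word describing SSH reachability.
# Subshell body with globbing off, so "*" patterns are not expanded to files.
ssh_verdict() (
    set -f
    deny=$(directive DenyUsers "$3"); allow=$(directive AllowUsers "$3")
    # sshd evaluates DenyUsers before AllowUsers.
    if matches "$1" $deny; then echo refused-by-DenyUsers
    elif [ -n "$allow" ] && ! matches "$1" $allow; then echo refused-by-AllowUsers
    else case $2 in
        */nologin) echo authenticates-but-no-shell ;;
        *) echo shell-login ;;
    esac; fi
)

# audit CONFIG_TEXT PASSWD_TEXT -> "user verdict" line for every account.
audit() {
    printf '%s\n' "$2" | while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        printf '%s %s\n' "$user" "$(ssh_verdict "$user" "$shell" "$1")"
    done
}
audit "$SAMPLE_CONFIG" "$SAMPLE_PASSWD"
```

On a live host the same functions can be fed `"$(cat /etc/ssh/sshd_config)"` and `"$(cat /etc/passwd)"` in place of the constructed samples.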