From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 28 16:10:28 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 69AA216A4CE
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Mar 2005 16:10:28 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.202])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EEC3C43D3F
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Mar 2005 16:10:27 +0000 (GMT)
	(envelope-from jeff.wirth@gmail.com)
Received: by rproxy.gmail.com with SMTP id a36so1991834rnf
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Mar 2005 08:10:27 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
	b=KfN+1kgnIrrP5TnPdVLVsLxDwvB392CHqXn1zB+IaU8uKQasJrGdw1/+hRyiPfz4b1Camek9VTuuZ3tf0RydhunmBwdEI4nzWsDn0iIDUZcRBOEmxclOKeqbuqlViAu5x5trIK1z4IYelpa5BIuRRbaBIFnlxV2q+5SkQhmRuBM=
Received: by 10.38.88.44 with SMTP id l44mr2530636rnb;
        Mon, 28 Mar 2005 08:10:27 -0800 (PST)
Received: by 10.38.181.68 with HTTP; Mon, 28 Mar 2005 08:10:26 -0800 (PST)
Message-ID: <5d2cf692050328081054dc1c81@mail.gmail.com>
Date: Mon, 28 Mar 2005 11:10:26 -0500
From: Jeff Wirth <jeff.wirth@gmail.com>
To: Grant Peel <gpeel@thenetnow.com>
In-Reply-To: <003701c5319e$30ee8920$6401a8c0@GRANT>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
References: <002c01c53145$b9c64390$6401a8c0@GRANT>
	 <4244354E.10401@haystacks.org> <004b01c53155$5ce59c60$6401a8c0@GRANT>
	 <5d2cf6920503251407759fcff0@mail.gmail.com>
	 <003701c5319e$30ee8920$6401a8c0@GRANT>
cc: freebsd-questions@freebsd.org
Subject: Re: sFTP nologin
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Jeff Wirth <jeff.wirth@gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2005 16:10:28 -0000

> On Fri, 25 Mar 2005 19:53:12 -0500, Grant Peel <gpeel@thenetnow.com> wrote:
> So, If I simply change the isers shell in /etc/passwd to the
> /usr/local/sbin.scponly shell it should work? If so, it doesn't!
> 
> After installing the port (scponly) does one have to run the chroot scrippts
> and all that they talk about on the site? or should simply adding it to
> /etc/shells and changing the users shell do the trick?
> 

If you want 'chroot' functionality read the Makefile.  The default
build behavior is 'undefined' for chroot.

Once you have scponly built to your needs, all you need is to add
'scponly' ('scponlyc') to /etc/shells and change your users shell
accordingly.  (see manpage for more info)

-jw