From owner-freebsd-questions@FreeBSD.ORG Thu Feb 10 18:42:10 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 579EF16A4CE for ; Thu, 10 Feb 2005 18:42:10 +0000 (GMT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id E991943D31 for ; Thu, 10 Feb 2005 18:42:09 +0000 (GMT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.13.1/8.13.1) id j1AIg5VE090350; Thu, 10 Feb 2005 12:42:05 -0600 (CST) (envelope-from dan) Date: Thu, 10 Feb 2005 12:42:05 -0600 From: Dan Nelson To: "Dixit, Viraj" Message-ID: <20050210184205.GA86873@dan.emsphone.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-OS: FreeBSD 5.3-STABLE X-message-flag: Outlook Error User-Agent: Mutt/1.5.7i cc: freebsd-questions@freebsd.org Subject: Re: Telnet and FTP issues on 5.3 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 18:42:10 -0000 In the last episode (Feb 10), Dixit, Viraj said: > I have been searching for few days everywhere an answer to this > question. Is there a way to stop telnet access for a group let's say > ftponly but allow them to have FTP access in FreeBSD 5.3. I know this > works in my old system BSD OS 4.3. The commands are like this in > login.conf file in BSD OS 4.3. > > #restrict telnet for ftponly group only > ftponly:\ > :auth-network=reject:\ > :auth-ftp=passwd: One way to do this is to set the user's shell to /usr/sbin/nologin and add /usr/sbin/nologin to the /etc/shells file. They won't be able to telnet or ssh in, but they will be able to ftp. -- Dan Nelson dnelson@allantgroup.com