From owner-freebsd-questions  Wed Mar 21 13: 8: 4 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web12505.mail.yahoo.com (web12505.mail.yahoo.com [216.136.173.197])
	by hub.freebsd.org (Postfix) with SMTP id 8DC9837B71F
	for <freebsd-questions@FreeBSD.ORG>; Wed, 21 Mar 2001 13:07:53 -0800 (PST)
	(envelope-from millioncheese@yahoo.com)
Message-ID: <20010321205627.78101.qmail@web12505.mail.yahoo.com>
Received: from [129.237.196.95] by web12505.mail.yahoo.com; Wed, 21 Mar 2001 12:56:27 PST
Date: Wed, 21 Mar 2001 12:56:27 -0800 (PST)
From: Tyler McGeorge <millioncheese@yahoo.com>
Reply-To: treznor@sunflower.com
Subject: Re: Users for Daemons - not logging in - how?
To: SF <lists@stevenfettig.com>,
	Freebsd-Questions <freebsd-questions@FreeBSD.ORG>
In-Reply-To: <LOBBKFILCMGGNDCBBCELIEJJDOAA.lists@stevenfettig.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Make the login shell /bin/no (I believe). Not sure, I
still haven't weened myself from adduser script. If
you use the adduser script, it will have a no or
noshell option for their login shell. This prevents
console/telnet/ssh login, but will still allow FTP.
And the user will be valid, so you will be able to run
services with it. I believe there a default daemon
user, but I am unsure as to it's intent.

Best of luck,
Tyler McGeorge
--- SF <lists@stevenfettig.com> wrote:
> I'm trying to set up users for running specific
> service daemons, but I don't
> want someone to be able to use that user to log into
> the machine via ssh
> (which is the only way to log into the machine
> remotely) or the console.  I
> searched through the mail list and couldn't find the
> answer, but apologize
> if this has been asked before.  Would I be correct
> in doing something
> similar to what one does when installing qmail?
> I.e.:
> 
> pw groupadd daemongrp
> pw useradd daemon1 -g daemongrp -d /var/daemondir -s
> /nonexistent
> 
> &tc...
> 
> I guess I'm looking for a fairly secure way of
> adding groups and users that
> won't open me up to possible attacks.  Any
> suggestions are welcome.
> 
> TIA,
> SF
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of
> the message
> 
> 
> 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message