From owner-freebsd-questions Sat May 25 14:36:27 2002 Delivered-To: freebsd-questions@freebsd.org Received: from tninet.se (sheridan.tninet.se [195.100.94.102]) by hub.freebsd.org (Postfix) with ESMTP id 03A6437B401 for ; Sat, 25 May 2002 14:36:22 -0700 (PDT) Received: from cs.umu.se (h121n1c1o1023.bredband.skanova.com [213.64.164.121]) by sheridan.tninet.se (BMR ErlangTM/OTP 3.0) with ESMTP id 447234.362519.1022.1s1022178sheridan ; Sat, 25 May 2002 23:35:19 +0200 Message-ID: <3CF003CB.2BF0E249@cs.umu.se> Date: Sat, 25 May 2002 23:36:11 +0200 From: Paul Everlund X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: sv,en MIME-Version: 1.0 To: Patrick O'Reilly Cc: freebsd-questions@FreeBSD.ORG Subject: Re: FTP server, telnetd and shells (fixed) References: <3CEF8A4A.70062684@cs.umu.se> <3CEF901D.3B7570A@cs.umu.se> <200205252251.51986@.perimeter.co.za> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Patrick O'Reilly wrote: > > On Sat 25 May 02 15:22, you wrote: > > Paul Everlund wrote: > > > > Hey stoopid! Tell your one braincell to put /sbin/nologin > > into /etc/shells, then do vipw and change the shell entry > > in the password file to /sbin/nologin. Now it should work! > > > > ---- > > > > And it did! Thanks Paul for your great tip! :-) > > > > You know - they say that people who talk to themselves are..., > well... "stoopid" ;) :-) > Anyway, this is not what you asked, but something I do reli- > giously when I build FTP servers, and particularly for ftp > accounts that do NOT have shell access, is to use the /etc/ > ftpchroot file. It's a simple but> handy way to keep your > FTP users within their little oxes. If you have not read up > on it - do so! > > # man ftpd > (search for ftpchroot by typing: /chroot ) > > My method is to create a group called ftp (in /etc/groups), > and then use that is the group when adding ftp user accounts. > Finalyy, edit /etc/ftpchroot, and insert this line: > > @ftp > > Have fun. > > -- > Regards, > Patrick O'Reilly. I'm using proftpd, which has a config file much like Apache's, and chroot is done a bit different, but with the same result, and I'm using it. Also the ftp users have their own group. So I have, without knowing it, followed your tips. :-) Thanks a lot anyway for sharing your knowledge! Not easy for you to know what I do know and don't, so I appreciate taking your time. Best regards, Paul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message