From owner-freebsd-questions@FreeBSD.ORG Mon Apr 30 01:17:28 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E60AA16A401 for ; Mon, 30 Apr 2007 01:17:28 +0000 (UTC) (envelope-from ray@stilltech.net) Received: from defout.telus.net (defout.telus.net [204.209.205.55]) by mx1.freebsd.org (Postfix) with ESMTP id A4ED613C465 for ; Mon, 30 Apr 2007 01:17:28 +0000 (UTC) (envelope-from ray@stilltech.net) Received: from priv-edmwaa06.telusplanet.net ([205.206.56.226]) by priv-edmwes33.telusplanet.net (InterMail vM.7.08.02.00 201-2186-121-20061213) with ESMTP id <20070430011728.ELHC13667.priv-edmwes33.telusplanet.net@priv-edmwaa06.telusplanet.net> for ; Sun, 29 Apr 2007 19:17:28 -0600 Received: from mail.geekdelivery.com (s205-206-56-226.ab.hsia.telus.net [205.206.56.226]) by priv-edmwaa06.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with ESMTP id 9B20U62XL9 for ; Sun, 29 Apr 2007 19:17:28 -0600 (MDT) Received: from [192.168.0.102] ([70.65.134.12]) by media32.ca (mail.geekdelivery.com) (MDaemon.PRO.v8.1.3.R) with ESMTP id md50000061616.msg for ; Sun, 29 Apr 2007 19:14:33 -0600 From: Ray To: freebsd-questions@freebsd.org Date: Sun, 29 Apr 2007 19:16:39 -0600 User-Agent: KMail/1.9.5 References: <200704291104.18905.ray@stilltech.net> <46353DB8.20105@hier7.com> <46353F16.202@hier7.com> In-Reply-To: <46353F16.202@hier7.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200704291916.39442.ray@stilltech.net> X-Spam-Processed: mail.geekdelivery.com, Sun, 29 Apr 2007 19:14:33 -0600 (not processed: message from valid local sender) X-MDRemoteIP: 70.65.134.12 X-Return-Path: ray@stilltech.net X-MDaemon-Deliver-To: freebsd-questions@freebsd.org X-MDAV-Processed: mail.geekdelivery.com, Sun, 29 Apr 2007 19:14:34 -0600 Subject: Re: allow ftp access, not shell access X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ray@stilltech.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2007 01:17:29 -0000 On Sunday 29 April 2007 6:57 pm, you wrote: > On 2007-04-29 20:52, Chris Slothouber wrote: > > On 2007-04-29 13:04, Ray wrote: > >> Hello, > >> I want to allow ftp access to other users, without giving them shell > >> access. how do I configure the adduser command to accomplish this, or is > >> this there some other way? > >> I have tried some things from google / man pages, but I'm not getting > >> it. user ftp home directory will be adjusted in the ftpchroot file. > > > > You can set the user's shell to /sbin/nologin. Also make sure this is > > listed in /etc/shells if you're using FreeBSD's ftpd or lukemftpd. > > Also see `man ftpchroot` for info on securing this. Thanks, I had caught that one but is there anything else I should do for the sake of security? Ray