From owner-freebsd-isp Fri Dec 5 06:55:39 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA01943 for isp-outgoing; Fri, 5 Dec 1997 06:55:39 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from hoima (hoima.i-way.co.uk [194.129.192.6]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id GAA01929 for ; Fri, 5 Dec 1997 06:55:35 -0800 (PST) (envelope-from scot@duff-beer.com) Received: from homer.duff-beer.com by hoima via SMTP (951211.SGI.8.6.12.PATCH1502/951211.SGI) id OAA16398; Fri, 5 Dec 1997 14:54:40 GMT Date: Fri, 5 Dec 1997 14:55:07 +0000 (GMT) From: Scot Elliott To: Bradley Dunn cc: Gaetan Feige , freebsd-isp@FreeBSD.ORG Subject: Re: User security In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Try giving the user an invalid shell (like /nonexistant or a valid one like /bin/false). On Fri, 5 Dec 1997, Bradley Dunn wrote: > On Fri, 5 Dec 1997, Gaetan Feige wrote: > > > I am wondering what is the best way to give a user access to email on a bsd > > box and block him from anything else like telnet, ftp into his account... > > Don't run telnetd, ftpd, etc. :) > > Seriously, black box mail servers that only allow access via IMAP or POP > are the way to go if you can. You can use SSH for remote administration, > and with SSH's "AllowUsers" configuration option you can specify exactly > who can connect via SSH. > > Bradley > > ----------------------------------------------------------------------------- Scot Elliott (scot@poptart.org) | Work: +44 (0)1344 899401 PGP fingerprint: FCAE9ED3A234FEB59F8C7F9DDD112D | Home: +44 (0)181 8961019 ----------------------------------------------------------------------------- Public key available by finger at: finger scot@poptart.org or at: http://www.poptart.org/pgpkey.html