From owner-freebsd-questions  Fri Mar  8 15:44:17 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from out4.mx.nwbl.wi.voyager.net (out4.mx.nwbl.wi.voyager.net [169.207.1.77])
	by hub.freebsd.org (Postfix) with ESMTP id E666B37B405
	for <freebsd-questions@FreeBSD.ORG>; Fri,  8 Mar 2002 15:44:02 -0800 (PST)
Received: from shell.core.com (shell.core.com [169.207.1.89])
	by out4.mx.nwbl.wi.voyager.net (8.11.1/8.11.4/1.7) with ESMTP id g28Ni2585291;
	Fri, 8 Mar 2002 17:44:02 -0600 (CST)
Received: from localhost (raiden@localhost)
	by shell.core.com (8.11.6/8.11.6/1.3) with ESMTP id g28Ni2c08169;
	Fri, 8 Mar 2002 17:44:02 -0600 (CST)
Date: Fri, 8 Mar 2002 17:44:01 -0600 (CST)
From: Steven Lake <raiden@shell.core.com>
X-X-Sender: raiden@shell.core.com
To: Steve Tremblett <sjt@cisco.com>
Cc: Steven Lake <raiden@shell.core.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: Selectively forbidding login
In-Reply-To: <20020308181812.A8403@sjt-u10.cisco.com>
Message-ID: <Pine.GSO.4.44L0.0203081733540.6940-100000@shell.core.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	Darn it, replied to the wrong person, but yeah, it's working.  And
by putting an empty file in /etc allows the computer to automatically
refuse the connection as soon as any connections are attempted, with the
exception of FTP.  So thanks.  :)

On Fri, 8 Mar 2002, Steve Tremblett wrote:

> I believe a user will be allowed FTP login if their shell is in
> /etc/shells.  I'm not %100 sure on what nologin does (not on a FreeBSD
> box right now), but I'm guessing that if it is a shell that is made up
> of something like "int main() { return 0; }" it should be safe to put
> in /etc/shells.
>
> +---- Steven Lake wrote:
> | 	Ok, I've looked around and tried the suggestion to modify a user's
> | login so that it reads /sbin/nologin for the shell to prevent user from
> | logging into ssh, but it also blocks them from logging in via FTP and all
> | other services as well.
> |
> | 	All I want it to do is prevent a user from logging into the server via
> | anything but FTP.  I want them to have FTP access and when they login
> | they land in their home directory with the path showing in the FTP
> | program as "/", but nothing else.  How would I best go about this?
> |
> | 	AKA.  When a user does "PWD" all they see is "Current directory is
> | /" instead of the full path and when they do a CD.. they can't go any
> | higher in the directory structure.  Basically put I'm wanting to set users
> | so that they can't see anything on the server except their home directory.
> |
> | 	Thanks again!
> |
> |
> | To Unsubscribe: send mail to majordomo@FreeBSD.org
> | with "unsubscribe freebsd-questions" in the body of the message
> |
> +---end quoted text---
>
> --
> Steve Tremblett
> Cisco Systems
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message