From owner-freebsd-security Wed Oct 21 11:24:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA19768 for freebsd-security-outgoing; Wed, 21 Oct 1998 11:24:47 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from bagira.iit.bme.hu (bagira.iit.bme.hu [152.66.241.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA19758 for ; Wed, 21 Oct 1998 11:24:43 -0700 (PDT) (envelope-from mohacsi@bagira.iit.bme.hu) Received: from localhost (mohacsi@localhost) by bagira.iit.bme.hu (8.9.0.Beta5/8.9.0.Beta3+BME-IIT) with SMTP id UAA22361 for ; Wed, 21 Oct 1998 20:24:07 +0200 (MET DST) Date: Wed, 21 Oct 1998 20:24:05 +0200 (MET DST) From: Janos Mohacsi To: security@FreeBSD.ORG Subject: login/shell/ftp/e-mail policy Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sirs, What is the policy to use in the FreeBSD in the logins? Which shells should I use for different sets of users? I have following scheme: login ftp email(pop,imap) ordinary shells (sh,csh,bash,tcsh): + + + nologin (I have put to /etc/shells): - + + /bin/false - - + nonexistent - - - Is it good, or do you have other scheme? To able to get this scheme work (for a less trained person) I had to change the adduser script. (of course I can deny some users ftp access by /etc/ftpusers, and pop access by /etc/noauthfile). Any comments are welcome, Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message