From owner-freebsd-isp Wed May 23 8:16:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from hex.databits.net (hex.databits.net [207.29.192.16]) by hub.freebsd.org (Postfix) with SMTP id 28A8C37B424 for ; Wed, 23 May 2001 08:16:26 -0700 (PDT) (envelope-from petef@hex.databits.net) Received: (qmail 91676 invoked by uid 1001); 23 May 2001 15:16:24 -0000 Date: Wed, 23 May 2001 11:16:24 -0400 From: Pete Fritchman To: alexus Cc: freebsd-isp@freebsd.org Subject: Re: restriction of user Message-ID: <20010523111624.A69978@databits.net> References: <001a01c0e39a$8dfd4b70$01000001@book> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001a01c0e39a$8dfd4b70$01000001@book>; from ml@db.nexgen.com on Wed, May 23, 2001 at 11:10:50AM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ++ 23/05/01 11:10 -0400 - alexus: | how can i disallow certain users shell access but do not restrict ftp/mail | acccess? Give them a shell listed in /etc/shells but is not a login shell. For example: ln -s /sbin/nologin /sbin/ftponly echo "/sbin/ftponly" >> /etc/shells Now, if you have a user that should be able to authenticate with other services (mail, ftp, etc) but should not be able to login via a shell, set their shell to /sbin/ftponly. (/sbin/nologin works too, but if you want an ftp-only account the shell must be in /etc/shells, and having /sbin/nologin in /etc/shells can be a problem.. say if you set suspended users to /sbin/nologin they could still ftp in). Good luck, -pete -- Pete Fritchman Databits Network Services, Inc. finger petef@databits.net for PGP key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message