Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 May 2006 01:48:42 -0800
From:      Beech Rintoul <beech@alaskaparadise.com>
To:        freebsd-questions@freebsd.org
Cc:        Marwan Sultan <dead_line@hotmail.com>
Subject:   Re: User Access restriction.
Message-ID:  <200605300149.00925.beech@alaskaparadise.com>
In-Reply-To: <447C1021.1070209@webanoide.org>
References:  <BAY20-F581481997A7225DDC07E69A920@phx.gbl> <447C1021.1070209@webanoide.org>

next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1448432.rIM0hVdrV5
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote:
> Marwan Sultan wrote:
> > Hello,
> >
> >  Yes, I understand that To lockup a user from navigating outside their
> > home directories through
> >  ftp, I simply can add them to /etc/ftpchroot and when a user connects
> > It wont allow him
> >  to go any level higher than his Home Directory.
> >  No need for proftpd as additional port, because the base system will do
> > it throu /etc/ftpchroot
> >
> >  BUT!!
> >  The user can connect through SSH and navigate,
> >  Here where my information stops,
> >  2 questions,
> > 1)  How do I have a list from few users to disallow them using SSH?
> >     is there any where i add a user to disallow him from using SSH?

You can define /usr/sbin/nologin as their shell, that will prevent all shel=
l=20
logins for that user. But AFIK the stock ftp will not work without shell=20
access. You will need to use something like proftpd if you go that route.

Beech
>
> man sshd_config
>
> and see AllowUsers/DenyUsers sections.
>
> > 2) If I want to lock the user through his SSH session not FTP session
> > whats the way?
> >    Is jail the only way? no easier way? chroot can do it? how if yes? or
> > whats the alternatives?
> >
> > Thank you guys for following up with me.
> >
> > Marwan
>
> Cheers,
> Mikhail.

=2D-=20

=2D------------------------------------------------------------------------=
=2D-------------
Beech Rintoul - Sys. Administrator - beech@alaskaparadise.com
/"\   ASCII Ribbon Campaign  | Alaska Paradise
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \  - Please visit Alaska Paradise - http://www.alaskaparadise.com
=2D------------------------------------------------------------------------=
=2D-------------












--nextPart1448432.rIM0hVdrV5
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQBEfBUMp5D0B1NlT4URAqlSAJ9V6OZkd7rgz1bHyBmvh7ZVAnr+EQCfRGGt
/jyK7BE/6X1sM/a35EOXXDw=
=GcVM
-----END PGP SIGNATURE-----

--nextPart1448432.rIM0hVdrV5--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605300149.00925.beech>