Date: Tue, 30 May 2006 01:48:42 -0800 From: Beech Rintoul <beech@alaskaparadise.com> To: freebsd-questions@freebsd.org Cc: Marwan Sultan <dead_line@hotmail.com> Subject: Re: User Access restriction. Message-ID: <200605300149.00925.beech@alaskaparadise.com> In-Reply-To: <447C1021.1070209@webanoide.org> References: <BAY20-F581481997A7225DDC07E69A920@phx.gbl> <447C1021.1070209@webanoide.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1448432.rIM0hVdrV5 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote: > Marwan Sultan wrote: > > Hello, > > > > Yes, I understand that To lockup a user from navigating outside their > > home directories through > > ftp, I simply can add them to /etc/ftpchroot and when a user connects > > It wont allow him > > to go any level higher than his Home Directory. > > No need for proftpd as additional port, because the base system will do > > it throu /etc/ftpchroot > > > > BUT!! > > The user can connect through SSH and navigate, > > Here where my information stops, > > 2 questions, > > 1) How do I have a list from few users to disallow them using SSH? > > is there any where i add a user to disallow him from using SSH? You can define /usr/sbin/nologin as their shell, that will prevent all shel= l=20 logins for that user. But AFIK the stock ftp will not work without shell=20 access. You will need to use something like proftpd if you go that route. Beech > > man sshd_config > > and see AllowUsers/DenyUsers sections. > > > 2) If I want to lock the user through his SSH session not FTP session > > whats the way? > > Is jail the only way? no easier way? chroot can do it? how if yes? or > > whats the alternatives? > > > > Thank you guys for following up with me. > > > > Marwan > > Cheers, > Mikhail. =2D-=20 =2D------------------------------------------------------------------------= =2D------------- Beech Rintoul - Sys. Administrator - beech@alaskaparadise.com /"\ ASCII Ribbon Campaign | Alaska Paradise \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com =2D------------------------------------------------------------------------= =2D------------- --nextPart1448432.rIM0hVdrV5 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQBEfBUMp5D0B1NlT4URAqlSAJ9V6OZkd7rgz1bHyBmvh7ZVAnr+EQCfRGGt /jyK7BE/6X1sM/a35EOXXDw= =GcVM -----END PGP SIGNATURE----- --nextPart1448432.rIM0hVdrV5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605300149.00925.beech>