Date: Wed, 20 Aug 2003 17:07:03 -0700 From: Blake Swensen <blake@pyramus.com> To: FreeBSD ISP List <freebsd-isp@freebsd.org> Subject: Re: Best methods for preventing SSH allowing FTP Message-ID: <3F440D27.7080902@pyramus.com> In-Reply-To: <3F439250.6010408@pyramus.com> References: <3F439250.6010408@pyramus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks to all for chiming in on this one. I haven't had much luck with the /etc/login.access method. -- thanks Scott for reminding me -- It might have something to do with NIS(?), but it seems to be ignored (maybe because NIS groups aren't accessed by this method?). The myriad of shell ideas are interesting, but would need to be propagated to all machines on the network... this is do-able. I like the idea of writing a small script (thanks Walter) to send a little message to the user. Wasn't there some security issue around using a script as the default shell.... especially since one invokes a shell to make this work? Blake Blake Swensen wrote: > Anyone have suggestions for the best methods for locking an account so > that a user or a group can only ftp/POP/IMAP and prevent all other access. > > Blake -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Internet Rescue Company - http://www.pyramus.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake R. Swensen Pyramus Online, Inc. President 2080 SE Oak Grove Blvd. Suite 11 Milwaukie, Oregon 97267 800-327-5101 vox:503-353-0455 fax:503-353-0453 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "We measure success by the success of our clients"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F440D27.7080902>