From owner-freebsd-isp@FreeBSD.ORG Wed Aug 20 17:08:18 2003
Message-ID: <3F440D27.7080902@pyramus.com>
Date: Wed, 20 Aug 2003 17:07:03 -0700
From: Blake Swensen
To: FreeBSD ISP List
References: <3F439250.6010408@pyramus.com>
In-Reply-To: <3F439250.6010408@pyramus.com>
Subject: Re: Best methods for preventing SSH allowing FTP

Thanks to all for chiming in on this one.

I haven't had much luck with the /etc/login.access method -- thanks Scott for reminding me. It might have something to do with NIS(?), but it seems to be ignored (maybe because NIS groups aren't accessed by this method?).

The myriad of shell ideas are interesting, but would need to be propagated to all machines on the network... this is doable. I like the idea of writing a small script (thanks Walter) to send a little message to the user. Wasn't there some security issue around using a script as the default shell... especially since one invokes a shell to make this work?

Blake

Blake Swensen wrote:

> Anyone have suggestions for the best methods for locking an account so
> that a user or a group can only ftp/POP/IMAP and prevent all other access.
>
> Blake

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Internet Rescue Company - http://www.pyramus.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake R. Swensen        Pyramus Online, Inc.
President               2080 SE Oak Grove Blvd. Suite 11
                        Milwaukie, Oregon 97267
800-327-5101  vox:503-353-0455  fax:503-353-0453
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"We measure success by the success of our clients"