From owner-freebsd-current@FreeBSD.ORG Wed Feb 25 02:00:38 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C91A16A4D2; Wed, 25 Feb 2004 02:00:38 -0800 (PST) Received: from shaft.techsupport.co.uk (shaft.techsupport.co.uk [212.250.77.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F45843D2F; Wed, 25 Feb 2004 02:00:12 -0800 (PST) (envelope-from setantae@submonkey.net) Received: from cpc2-cdif3-6-0-cust204.cdif.cable.ntl.com ([81.103.67.204] helo=shrike.submonkey.net ident=mailnull) by shaft.techsupport.co.uk with esmtp (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.30; FreeBSD) id 1Avvpp-000ILp-Ik; Wed, 25 Feb 2004 10:00:09 +0000 Received: from setantae by shrike.submonkey.net with local (Exim 4.30; FreeBSD) id 1Avvpm-0007ON-0k; Wed, 25 Feb 2004 10:00:06 +0000 Date: Wed, 25 Feb 2004 10:00:05 +0000 From: Ceri Davies To: kientzle@acm.org Message-ID: <20040225100005.GV45593@submonkey.net> Mail-Followup-To: Ceri Davies , kientzle@acm.org, Lanny Baron , David Schultz , freebsd-current@freebsd.org, Colin Percival References: <6.0.1.1.1.20040223171828.03de8b30@imap.sfu.ca> <20040224223659.GB69570@VARK.homeunix.com> <6.0.1.1.1.20040224225502.03dcfb10@imap.sfu.ca> <403BE4BC.9070009@kientzle.com> <403BE803.40606@FreeBSDsystems.COM> <403BEFFB.3010702@kientzle.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ahZICQ7iXVM/oLYH" Content-Disposition: inline In-Reply-To: <403BEFFB.3010702@kientzle.com> X-PGP: finger ceri@FreeBSD.org User-Agent: Mutt/1.5.4i Sender: Ceri Davies cc: David Schultz cc: freebsd-current@freebsd.org cc: Colin Percival cc: Lanny Baron Subject: Re: What to do about nologin(8)? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 10:00:38 -0000 --ahZICQ7iXVM/oLYH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 24, 2004 at 04:44:43PM -0800, Tim Kientzle wrote: > Lanny Baron wrote: > >Hi, > >What I have done in the past for preventing logins via telnet/ssh is to= =20 > >make a script called ftponly and put it in /usr/local/bin and in=20 > >/etc/shells put a line as /usr/local/bin/ftponly > > > >The little script for /usr/local/bin/ftponly is: > > > >#!/bin/sh -p > >echo 'This account is currently available only for FTP access.' > >exit 1 > > > >Of course when you run adduser or pw useradd, you will choose=20 > >/usr/local/bin/ftponly as their shell. >=20 > I'm trying to better understand how people are > really using these facilities, so I have a couple > of questions for you: >=20 > 1) Why did you put it in /etc/shells? What am I missing here? ftpd(8) says: 4. The user must have a standard shell returned by getusershell(3). Ceri --=20 --ahZICQ7iXVM/oLYH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAPHIlocfcwTS3JF8RAl8SAJ92MwvIuD/x4oQq7P76jbQezAtFDQCcCXcT fVDQCHkvWJfWAuiKkRxePAw= =coCD -----END PGP SIGNATURE----- --ahZICQ7iXVM/oLYH--