From owner-freebsd-questions  Tue May 19 06:57:23 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA18921
          for freebsd-questions-outgoing; Tue, 19 May 1998 06:57:23 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from plains.NoDak.edu (tinguely@plains.NoDak.edu [134.129.111.64])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA18912
          for <freebsd-questions@FreeBSD.ORG>; Tue, 19 May 1998 06:57:18 -0700 (PDT)
          (envelope-from tinguely@plains.NoDak.edu)
Received: (from tinguely@localhost)
	by plains.NoDak.edu (8.8.8/8.8.8) id IAA00784;
	Tue, 19 May 1998 08:57:09 -0500 (CDT)
Date: Tue, 19 May 1998 08:57:09 -0500 (CDT)
From: Mark Tinguely <tinguely@plains.NoDak.edu>
Message-Id: <199805191357.IAA00784@plains.NoDak.edu>
To: ken@vicken.com
Subject: Re: Telnet & FTP Restrictions
Cc: freebsd-questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


>  My question is can I restrict users to just FTP, telnet or mail.

bash and other shells have a "restricted shell" feature in them that
lets you restrict the PATH and SHELL variable. make a new directory, place
the couple commands that you wish the user to use and make that directory
to be the only entry in the PATH statement. The SHELL variable must be also
set to rbash to prevent users to bypass the restriction by shelling out of
programs like mail.

--mark.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message