Date: Tue, 30 May 2006 09:52:47 -0400 (EDT)
From: Jerry McAllister <jerrymc@clunix.cl.msu.edu>
To: beech@alaskaparadise.com (Beech Rintoul)
Cc: freebsd-questions@freebsd.org, Marwan Sultan <dead_line@hotmail.com>
Subject: Re: User Access restriction.
Message-ID: <200605301352.k4UDqlcg003756@clunix.cl.msu.edu>
In-Reply-To: <200605300149.00925.beech@alaskaparadise.com>

> On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote:
> > Marwan Sultan wrote:
> > > Hello,
> > >
> > > Yes, I understand that to lock up a user from navigating outside their
> > > home directories through
> > > ftp, I simply can add them to /etc/ftpchroot and when a user connects
> > > it won't allow him
> > > to go any level higher than his home directory.
> > > No need for proftpd as additional port, because the base system will do
> > > it through /etc/ftpchroot
> > >
> > > BUT!!
> > > The user can connect through SSH and navigate,
> > > Here is where my information stops,
> > > 2 questions,
> > > 1) How do I have a list of a few users to disallow them from using SSH?
> > > Is there anywhere I add a user to disallow him from using SSH?
>
> You can define /usr/sbin/nologin as their shell, that will prevent all shell
> logins for that user. But AFAIK the stock ftp will not work without shell
> access. You will need to use something like proftpd if you go that route.

It has been a long time since I played with it (years) but I think
exactly what you suggest here will work as the poster wants.
Of course, nologin or its equivalent needs to be listed in /etc/shells.

////jerry

>
> Beech
>
> > man sshd_config
> >
> > and see AllowUsers/DenyUsers sections.
> >
> > > 2) If I want to lock the user through his SSH session not FTP session
> > > what's the way?
> > > Is jail the only way? No easier way? chroot can do it? How if yes? Or
> > > what are the alternatives?
> > >
> > > Thank you guys for following up with me.
> > >
> > > Marwan
> >
> > Cheers,
> > Mikhail.
>
> --
> ---------------------------------------------------------------------------------------
> Beech Rintoul - Sys. Administrator - beech@alaskaparadise.com
> /"\   ASCII Ribbon Campaign   | Alaska Paradise
> \ / - NO HTML/RTF in e-mail   | 201 East 9Th Avenue Ste.310
>  X  - NO Word docs in e-mail  | Anchorage, AK 99501
> / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
> ---------------------------------------------------------------------------------------
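
An added example, not part of the original thread: a small audit script that reports, per account, the combined effect of the four files discussed above (the login shell, /etc/shells, the DenyUsers/AllowUsers lines in sshd_config, and /etc/ftpchroot). The helper names (login_shell, sshd_refuses, audit_user), the accounts and all file contents are constructed for illustration; it assumes literal user names with no wildcard, user@host or @group entries.

```sh
#!/bin/sh
# Added example; all file contents below are constructed sample data.
# Assumes passwd(5) layout (shell in field 7) and literal user names
# (no wildcards, user@host or @group entries) in sshd_config and ftpchroot.

login_shell() {   # login_shell USER PASSWD
    awk -F: -v u="$1" '$1 == u { print $7 }' "$2"
}

sshd_refuses() {  # true if DenyUsers lists USER or AllowUsers omits USER
    awk -v u="$1" '
        tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) if ($i == u) deny = 1 }
        tolower($1) == "allowusers" { allow = 1; for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { exit !(deny || (allow && !ok)) }' "$2"
}

audit_user() {    # audit_user USER PASSWD SHELLS SSHD_CONFIG FTPCHROOT
    sh=$(login_shell "$1" "$2")
    case "$sh" in
        */nologin) ssh="ssh=blocked(nologin)" ;;
        *)         ssh="ssh=allowed" ;;
    esac
    sshd_refuses "$1" "$4" && ssh="ssh=blocked(sshd_config)"
    # ftpd(8) accepts only users whose shell appears in /etc/shells
    ftp="ftp=refused"
    if [ -n "$sh" ] && grep -qxF -- "$sh" "$3"; then
        ftp="ftp=unrestricted"
        awk -v u="$1" '$1 == u { f = 1 } END { exit !f }' "$5" && ftp="ftp=chrooted"
    fi
    echo "$1 $ssh $ftp"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
              'bob:*:1002:1002:Bob:/home/bob:/usr/sbin/nologin' \
              'carol:*:1003:1003:Carol:/home/carol:/bin/sh' > "$demo/passwd"
printf '%s\n' '/bin/sh' '/bin/csh'        > "$demo/shells"
printf '%s\n' 'Port 22' 'DenyUsers carol' > "$demo/sshd_config"
printf '%s\n' 'bob' 'carol'               > "$demo/ftpchroot"

audit() { audit_user "$1" "$demo/passwd" "$demo/shells" "$demo/sshd_config" "$demo/ftpchroot"; }
audit alice; audit bob; audit carol
echo '/usr/sbin/nologin' >> "$demo/shells"   # list nologin as a valid shell
audit bob                                    # FTP now works, SSH shell still blocked
```

A nologin shell only ends the session after sshd has already authenticated the account, whereas a DenyUsers entry makes sshd refuse the login itself.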