[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-admin
Subject:    Re: FTP question
From:       Jeremy Gaddis <jlgaddis () blueriver ! net>
Date:       2000-05-06 6:54:30
[Download RAW message or body]

At 12:40 PM 5/5/00 -0400, Donald Bowyer wrote:

>What I would like to do is disable their shell access.
>Is this possible? It seems like it would be setting up the FTPdaemon to use
>a default shell, rather than the one specified by the user's passwd entry.

1.  Make sure /bin/false is listed in /etc/shells.
2.  Change the users' shell to /bin/false (using chsh).

A valid shell (e.g. one listed in /etc/shells) is required for
an ftp login.  /bin/false exists on most systems.  It is a very
small shell script and is designed to "do nothing, successfully".
When a user logs in (via telnet, etc) and there shell is set to
/bin/false, it does nothing, then exits, logging them out before
they have a chance to do anything.

Your other option would be to only allow telnet logins from
certain machines (i.e. your administration hosts).

-jg


--
Jeremy L. Gaddis      <jlgaddis@blueriver.net>
-====---====---====---====---====---====---====---====---====---====---====-
 to unsubscribe email "unsubscribe linux-admin" to majordomo@vger.rutgers.edu
 See the linux-admin FAQ: http://www.kalug.lug.net/linux-admin-FAQ/

[prev in list] [next in list] [prev in thread] [next in thread]