Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!newsfeed.internetmci.com!news.jaguNET.com!news From: Paul Chakravarti <paulc@jagunet.com> Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: How to permit FTP w/o giving shell access? Date: Tue, 12 Mar 1996 07:16:14 -0500 Organization: jaguNET Access Services Lines: 28 Message-ID: <31456B0E.167EB0E7@jagunet.com> References: <4i0p0k$jtj@muenchen.photogrammetrie.de> <3144EED8.41C67EA6@FreeBSD.org> NNTP-Posting-Host: dlup-a19.jagunet.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailer: Mozilla 2.0 (X11; I; FreeBSD 2.1.0-RELEASE i386) Jordan K. Hubbard wrote: > > Gerhard Mehldau wrote: > > I would like to give some users access to a (FreeBSD 2.1) > > system *without* allowing them to login directly. I've > > tried setting their shell to /nonexistent, but that also > > prevents them from using ftp. Any ideas? > > I guess you could make their shell /bin/sh and then give them a .profile > that says: > > exit 0 > > In it. There _might_ be a race here if your system is slow enough which > lets them hit ^C before the exit, but I rather doubt that they'd have an > easy time hitting it. > -- > - Jordan Hubbard > President, FreeBSD Project But note that if they had FTP access to their home directory they could just replace .profile - if you want to give them some warning about what is happening just compile a short prog which prints 'Sorry interactive access not allowed...' - add this as their shell and add to /etc/shells Also note that if you allow FTP access to their home ditecrory and E-Mail they can create a .forward file which does unpleasant thing including running 'chsh' to give them an interactive shell