netbsd-users: Re: ftp yes, shell no

Subject: Re: ftp yes, shell no
To: Johnny Billquist <bqt@update.uu.se>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 07/29/2004 10:02:17

In message <Pine.LNX.4.58.0407291526510.24911@Tempo.Update.UU.SE>, Johnny Billq
uist writes:
>On Thu, 29 Jul 2004, Zafer Aydogan wrote:
>
>> Hello everyone on the whole wide world,
>>
>> My Aim is to enable ftp access, but deny shell access.
>> If I set the shell to /sbin/nologin the ftp login is also denied with the
>> words "the user may not use ftp".
>> How shall I manage this ?
>
>Add the /sbin/nologin to /etc/shells.
>

That would let all users with that as their shell use ftp.  Instead, 
create a link /sbin/nologin-with-ftp to /sbin/nologin, and add
the new name to /etc/shells.


		--Steve Bellovin, http://www.research.att.com/~smb