netbsd-users: Re: ftp yes, shell no

Subject: Re: ftp yes, shell no
To: None <netbsd-users@netbsd.org>
From: fab <fab@gnux.info>
List: netbsd-users
Date: 07/29/2004 15:32:07

On Thu, Jul 29, 2004 at 03:21:47PM +0200, Zafer Aydogan wrote:
> Hello everyone on the whole wide world,
> 
> My Aim is to enable ftp access, but deny shell access.
> If I set the shell to /sbin/nologin the ftp login is also denied with the
> words "the user may not use ftp".
> How shall I manage this ?

I had quite the same problem "shell no, cvs yes", I managed it via the
ssh :
in the user's HOME I have :
.ssh/authorized_keys
command="cvs server" ssh-dss AAAAB3Nza....
and
command="cvs server" ssh-rsa AAAAB...
to restrict the possible commands via ssh.

Another possibility is to get a restricted shell like this one :
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/berlios/SF2.5/utils/grap.c

Regards.
Fabien Devaux.