Subject: Re: ftp yes, shell no
To: Steven M. Bellovin <smb@research.att.com>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: netbsd-users
Date: 07/29/2004 16:13:01
--kkRamCq5m5VQq0L6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi,

On Thu, Jul 29, 2004 at 10:02:17AM -0400, Steven M. Bellovin wrote:
> Johnny Billquist writes:
> >On Thu, 29 Jul 2004, Zafer Aydogan wrote:
> > > My Aim is to enable ftp access, but deny shell access.  If I set
> > > the shell to /sbin/nologin the ftp login is also denied with the
> > > words "the user may not use ftp".  How shall I manage this ?
> >
> > Add the /sbin/nologin to /etc/shells.
>=20
> That would let all users with that as their shell use ftp.  Instead,
> create a link /sbin/nologin-with-ftp to /sbin/nologin, and add the new
> name to /etc/shells.

alternatively, you can restrict access to ftp in ftpusers(5).
see also PR bin/26266.


regards,

--=20
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --

--kkRamCq5m5VQq0L6
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFBCQXtiwjDDlS8cmMRApodAJ49ZRkufRsYuxAGN+D1ypfACbAQLwCfZ8Ir
GUqx9LfOBnfpqtamnLWHFtM=
=zvcg
-----END PGP SIGNATURE-----

--kkRamCq5m5VQq0L6--