netbsd-users: Re: ftp yes, shell no

Subject: Re: ftp yes, shell no
To: None <netbsd-users@netbsd.org>
From: Joel Rees <joel_rees@sannet.ne.jp>
List: netbsd-users
Date: 07/29/2004 23:29:57

>> Hello everyone on the whole wide world,
>>
>> My Aim is to enable ftp access, but deny shell access.
>> If I set the shell to /sbin/nologin the ftp login is also denied with 
>> the
>> words "the user may not use ftp".
>> How shall I manage this ?
>
> I had quite the same problem "shell no, cvs yes", I managed it via the
> ssh :
> in the user's HOME I have :
> .ssh/authorized_keys
> command="cvs server" ssh-dss AAAAB3Nza....
> and
> command="cvs server" ssh-rsa AAAAB...
> to restrict the possible commands via ssh.

Is the user able to see that? Maybe even write something on top of that?

> Another possibility is to get a restricted shell like this one :
> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/berlios/SF2.5/utils/grap.c