Best methods for preventing SSH allowing FTP
Blake Swensen
blake at pyramus.com
Wed Aug 20 17:08:19 PDT 2003
Thanks to all for chiming in on this one.
I haven't had much luck with the /etc/login.access method. -- thanks
Scott for reminding me -- It might have something to do with NIS(?), but
it seems to be ignored (maybe because NIS groups aren't accessed by this
method?).
The myriad of shell ideas are interesting, but would need to be
propagated to all machines on the network... this is do-able. I like
the idea of writing a small script (thanks Walter) to send a little
message to the user.
Wasn't there some security issue around using a script as the default
shell.... especially since one invokes a shell to make this work?
Blake
Blake Swensen wrote:
> Anyone have suggestions for the best methods for locking an account so
> that a user or a group can only ftp/POP/IMAP and prevent all other access.
>
> Blake
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Internet Rescue Company - http://www.pyramus.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blake R. Swensen Pyramus Online, Inc.
President 2080 SE Oak Grove Blvd. Suite 11
Milwaukie, Oregon 97267
800-327-5101
vox:503-353-0455
fax:503-353-0453
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"We measure success by the success of our clients"
More information about the freebsd-isp
mailing list