User Access restriction.
Beech Rintoul
beech at alaskaparadise.com
Tue May 30 02:49:35 PDT 2006
On Tuesday 30 May 2006 01:28, Mikhail Goriachev wrote:
> Marwan Sultan wrote:
> > Hello,
> >
> > Yes, I understand that To lockup a user from navigating outside their
> > home directories through
> > ftp, I simply can add them to /etc/ftpchroot and when a user connects
> > It wont allow him
> > to go any level higher than his Home Directory.
> > No need for proftpd as additional port, because the base system will do
> > it throu /etc/ftpchroot
> >
> > BUT!!
> > The user can connect through SSH and navigate,
> > Here where my information stops,
> > 2 questions,
> > 1) How do I have a list from few users to disallow them using SSH?
> > is there any where i add a user to disallow him from using SSH?
You can define /usr/sbin/nologin as their shell, that will prevent all shell
logins for that user. But AFIK the stock ftp will not work without shell
access. You will need to use something like proftpd if you go that route.
Beech
>
> man sshd_config
>
> and see AllowUsers/DenyUsers sections.
>
> > 2) If I want to lock the user through his SSH session not FTP session
> > whats the way?
> > Is jail the only way? no easier way? chroot can do it? how if yes? or
> > whats the alternatives?
> >
> > Thank you guys for following up with me.
> >
> > Marwan
>
> Cheers,
> Mikhail.
--
---------------------------------------------------------------------------------------
Beech Rintoul - Sys. Administrator - beech at alaskaparadise.com
/"\ ASCII Ribbon Campaign | Alaska Paradise
\ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310
X - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
---------------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060530/4523fb79/attachment.pgp
More information about the freebsd-questions
mailing list