Re: Limiting user access in ftp, ssh, samba, etc... 'passwords'
On Sat, Mar 25, 2000 at 05:51:06PM -0900, Adam Shand wrote:
> i'm not sure what your options are for samba as i haven't used it for a
> long time ...
>
> for ssh you have two ways. give them a shell which is useless (/bin/false
> or /bin/true or make your own, eg. /usr/local/bin/nossh). then when they
> log in they will be immediately logged out again. the other option is to
> use the "AllowGroups" option in the sshd_config file. create a group called
> ssh, and add it to the AllowGroups option and then only people in the ssh
> group will be able to log in.
>
> for ftp pretty much the only way to do this is via their shell. ftp will
> only allow people to login whose shell is listed in /etc/shells. give users
> you don't want to have ftp access a shell like /bin/false or
> /usr/local/bin/noftp and make sure that shell never gets added to
> /etc/shells. more advanced ftp daemons like proftpd or ncftpd may have
> other options allowing you to do this via groups like ssh but i've never
> investigated it.

usually ftp daemons support /etc/ftpusers, any user listed is denied
ftp access.

the OpenBSD ftpd (the only safe one IMO) supports this via PAM for the
linux port.

wu-ftpd also supports /etc/ftpusers but it gives out root like candy,
stay away :)

--
Ethan Benson
http://www.alaska.net/~erbenson/
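
The two ftp checks mentioned in this thread (login shell listed in /etc/shells, user name not listed in /etc/ftpusers), combined into one audit function. This is an added example, not part of the original messages; the function names and sample accounts are constructed, and it assumes the daemon treats an empty shell field as /bin/sh.

```shell
#!/bin/sh
# Added example (not from the thread). Lists accounts that pass both ftp checks
# discussed above: login shell present in /etc/shells, name absent from
# /etc/ftpusers. Paths are arguments so it can run against copies of the files.
ftp_allowed() {   # usage: ftp_allowed PASSWD SHELLS FTPUSERS
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            while ((getline line < shells) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                ok[line] = 1                      # one valid shell per line
            }
            while ((getline line < deny) > 0) {
                sub(/#.*/, "", line)              # strip comments
                gsub(/^[ \t]+|[ \t]+$/, "", line) # trim whitespace
                if (line != "") no[line] = 1
            }
        }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # assumption: empty means /bin/sh
            if ((shell in ok) && !($1 in no)) print $1
        }
    ' "$1"
}

# Constructed sample data; the account names are made up.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/usr/local/bin/noftp
carol:x:1002:1002::/home/carol:/bin/sh
dave:x:1003:1003::/home/dave:
EOF
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$d/shells"
    printf '%s\n' '# denied ftp access' root carol > "$d/ftpusers"
    ftp_allowed "$d/passwd" "$d/shells" "$d/ftpusers"
    rm -rf "$d"
}
demo
```

Run against the real files with `ftp_allowed /etc/passwd /etc/shells /etc/ftpusers`; any system account that shows up in the output is a candidate for /etc/ftpusers.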