
November 15th, 2000, 09:32 AM
Guest
>>how do I limit their telnet access to the user root?
Can't unless you write your own shell.
>>But I can't do the same with telnet and I can't deny telnet without taking away FTP
1) cat /etc/shells
#############################################
# $FreeBSD: src/etc/shells,v 1.3.2.1 2000/07/10 08:47:17 obrien Exp $
#
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/sh
/bin/csh
/bin/tcsh
#############################################
So that means, as long as a user has a shell from the choices above, he can log in to both FTP and Telnet.
2) Next, su to a non-system user or create a new user just for testing purposes, and assign a /sbin/nologin shell to that user. Or use "vipw" to change the user's shell.
3) Telnet in and FTP in as that user. For Telnet, you would get "This account is not available" or something; for FTP, the user simply gets login failed. That is supposed to be because you need one more step, as follows.
4) vi /etc/shells
add /sbin/nologin to the list so you should get:
/bin/sh
/bin/csh
/bin/tcsh
/sbin/nologin
As the cat /etc/shells from (1) mentions, "Ftpd will not allow users to connect who are not using one of these shells". Ftpd doesn't care whether it's the nologin shell or whatever; as long as the shell is listed here and the user's shell is one of these, the user is allowed to log in via FTP, but not ssh/telnet.
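An audit of the rule described in the post above, as an added example that is not part of the original post: it reports, per account, whether the shell is listed in the shells file (FTP accepted) and whether it is the nologin shell (interactive login refused). The function names and sample accounts are constructed, and it assumes only /sbin/nologin counts as a non-interactive shell and that ftpd applies no other restrictions.

```sh
#!/bin/sh
# Added example: classify accounts by the /etc/shells rule from the post.
# Assumption: only the shell named in NOLOGIN refuses interactive login.
NOLOGIN=/sbin/nologin

# in_shells SHELL FILE: succeed if SHELL is a non-comment line of FILE.
in_shells() {
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$1"
}

# classify_accounts PASSWD SHELLS
# Prints one line per account: "user shell=<path> ftp=<yes|no> login=<yes|no>".
classify_accounts() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*) continue ;; esac
        # An empty shell field means /bin/sh (see passwd(5)).
        [ -n "$shell" ] || shell=/bin/sh
        ftp=no
        login=yes
        if in_shells "$shell" "$2"; then ftp=yes; fi
        if [ "$shell" = "$NOLOGIN" ]; then login=no; fi
        printf '%s shell=%s ftp=%s login=%s\n' "$user" "$shell" "$ftp" "$login"
    done < "$1"
}

# demo: run the audit over constructed sample files (state after step 4).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample shells file' \
        /bin/sh /bin/csh /bin/tcsh /sbin/nologin > "$d/shells"
    printf '%s\n' \
        'root:*:0:0:Charlie &:/root:/bin/csh' \
        'ftponly:*:1001:1001:FTP only:/home/ftponly:/sbin/nologin' \
        'svc:*:1002:1002:Service:/nonexistent:/usr/local/bin/bash' > "$d/passwd"
    classify_accounts "$d/passwd" "$d/shells"
    rm -rf "$d"
}

demo
```

On a live system the call would be `classify_accounts /etc/passwd /etc/shells`; accounts showing ftp=yes login=no are the FTP-only users the post sets up.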