*BSD News Article 63415


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!newsfeed.internetmci.com!news.jaguNET.com!news
From: Paul Chakravarti <paulc@jagunet.com>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: How to permit FTP w/o giving shell access?
Date: Tue, 12 Mar 1996 07:16:14 -0500
Organization: jaguNET Access Services
Lines: 28
Message-ID: <31456B0E.167EB0E7@jagunet.com>
References: <4i0p0k$jtj@muenchen.photogrammetrie.de> <3144EED8.41C67EA6@FreeBSD.org>
NNTP-Posting-Host: dlup-a19.jagunet.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0 (X11; I; FreeBSD 2.1.0-RELEASE i386)

Jordan K. Hubbard wrote:
> 
> Gerhard Mehldau wrote:
> > I would like to give some users access to a (FreeBSD 2.1)
> > system *without* allowing them to login directly.  I've
> > tried setting their shell to /nonexistent, but that also
> > prevents them from using ftp.  Any ideas?
> 
> I guess you could make their shell /bin/sh and then give them a .profile
> that says:
> 
> exit 0
> 
> In it.  There _might_ be a race here if your system is slow enough which
> lets them hit ^C before the exit, but I rather doubt that they'd have an
> easy time hitting it.
> --
> - Jordan Hubbard
>   President, FreeBSD Project

But note that if they had FTP access to their home directory they could
just replace .profile - if you want to give them some warning about what
is happening just compile a short prog which prints 'Sorry interactive 
access not allowed...' - add this as their shell and add to /etc/shells

Also note that if you allow FTP access to their home directory and
E-Mail they can create a .forward file which does unpleasant things
including running 'chsh' to give them an interactive shell
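
An audit for the two pitfalls raised in this post (the restricted shell missing from /etc/shells, and dotfiles the user can plant over FTP), added here as an example that is not part of the original post. The function name `audit_ftp_only` is hypothetical, and the restricted shell path is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the post): audit accounts that use a restricted
# "no interactive access" shell for the two problems raised above.
# Assumed/hypothetical: the function name, and the restricted shell path
# being passed in by the caller.
#
# usage: audit_ftp_only RESTRICTED_SHELL [PASSWD_FILE] [SHELLS_FILE]
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_ftp_only() {
    rshell=$1
    passwd=${2:-/etc/passwd}
    shells=${3:-/etc/shells}
    found=0

    # ftpd only accepts users whose shell is listed in the shells file.
    if ! grep -qxF -- "$rshell" "$shells"; then
        echo "$rshell: not listed in $shells, ftpd will refuse these users"
        found=1
    fi

    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ "$shell" = "$rshell" ] || continue
        [ -d "$home" ] || continue

        # A home directory owned by the user lets them create or replace
        # dotfiles over FTP, whatever the files' own permissions are.
        owner=$(ls -ldn -- "$home" | awk '{print $3}')
        if [ "$owner" = "$uid" ]; then
            echo "$user: owns $home, can upload .forward or .profile"
            found=1
        fi

        # An existing .forward may pipe mail to a command (e.g. chsh).
        if [ -f "$home/.forward" ]; then
            echo "$user: $home/.forward exists, review its contents"
            found=1
        fi
    done < "$passwd"

    return "$found"
}
```
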