Allowing ftp and email, but not shell access

Declan Moriarty junk_mail at iol.ie
Thu Aug 25 04:04:26 PDT 2005


Recently, Somebody Somewhere wrote these words
> Steve Prior wrote:
> > I'd like to set up a few accounts on my LFS box which can FTP (or
> > SSH) files for a web page and store email, but deny actual command
> > line access.  I haven't yet found a way to pull this off.  Can
> > anyone provide some starting points?
> > 
> > Steve
> > 
> 
> Is it possible to create the users as regular system users, and supply
> /bin/false as the shell?  It's just a guess.  I don't know yet whether
> scp will work in that setup or not, but I don't see why not.
> 
DJB's software (e.g. qmail) creates a range of users with /bin/true as a
shell. /bin/true exits 0; I'm not sure /bin/false does that, so you
might pop errors. Mail in qmail is then passed from fictitious user
process to fictitious user process in a sort of 'Mexican wave' of
processes. It's impossible to hack, but nearly impossible to use.

Every option in the adduser command allows you to limit the user. A
homedir of /dev/null means he can't write. The shell is another, as is
the group.

-- 

	With best Regards,


	Declan Moriarty.
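
An added example, not part of the original message: a small audit of passwd(5)-format lines that reports which accounts still have a login shell and which use the /bin/false, /bin/true or /dev/null-home restrictions discussed in this thread. The account names, the sample data and the contents of NOLOGIN_SHELLS are constructed assumptions.

```shell
#!/bin/sh
# Shells treated as "no interactive login" (assumption: adjust for your system).
NOLOGIN_SHELLS="/bin/false /bin/true /sbin/nologin /usr/sbin/nologin"

# Constructed sample in passwd(5) layout: name:passwd:uid:gid:gecos:home:shell
SAMPLE='steve:x:1000:1000::/home/steve:/bin/bash
webftp:x:1001:1001::/srv/www/site:/bin/false
mailonly:x:1002:1002::/dev/null:/bin/true
legacy:x:1003:1003::/home/legacy:'

# Read passwd-format lines on stdin, print "user VERDICT HOMESTATE" per account.
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        # Skip blank lines and comments.
        case $user in ''|'#'*) continue ;; esac
        # Default to LOGIN: an empty shell field means the system default
        # shell, so it must not be mistaken for a restricted account.
        verdict=LOGIN
        for s in $NOLOGIN_SHELLS; do
            if [ "$shell" = "$s" ]; then verdict=NOLOGIN; fi
        done
        case $home in
            /dev/null) homestate=nohome ;;
            *)         homestate=home ;;
        esac
        printf '%s %s %s\n' "$user" "$verdict" "$homestate"
    done
}

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_passwd
}

# Names of accounts that can still get a command line.
login_capable() {
    audit_sample | while read -r u v h; do
        if [ "$v" = LOGIN ]; then printf '%s\n' "$u"; fi
    done
}

audit_sample
```

On a live system, feed it the real database with `audit_passwd < /etc/passwd`.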


