Allowing ftp and email, but not shell access
junk_mail at iol.ie
Thu Aug 25 04:04:26 PDT 2005
Recently, Somebody Somewhere wrote these words
> Steve Prior wrote:
> > I'd like to set up a few accounts on my LFS box which can FTP (or
> > SSH) files for a web page and store email, but deny actual command
> > line access. I haven't yet found a way to pull this off. Can
> > anyone provide some starting points?
> > Steve
> Is it possible to create the users as regular system users, and supply
> /bin/false as the shell? It's just a guess. I don't know yet whether
> scp will work in that setup or not, but I don't see why not.
DJB's software (e.g. qmail)creates a range of users with /bin/true as a
shell. /bin/true exits 0, I'm not sure /bin/false does that, so you
might pop errors. Mail in qmail is then passed from fictitious user
process to fictitious user process in a sort of 'Mexican wave' of
processes. It's impossible to hack, but nearly impossible to use.
Every option in the adduser command allows you to limit the user. A
homedir of /dev/null means he can't write. The shell is another, as is
With best Regards,
More information about the blfs-support