On Tue, 13 Mar 2001, Kenneth Pronovici wrote: > I have a situation where I've volunteered to host a few webpages for > some users. They're at a university and are having problems getting timely > access to their organizational websites on their school's server. Anyway, > I'm happy to be the host, but I want these people to be able to FTP in ONLY, > without interactive access. I want to do this specifically for a set of > users, not for all users on the machine.
I think, this could be quite hard to archive. Setting the shell to something non-interactive will disallow normal login. But the users will stil have many rights, that might allow them nasty things inluding getting interactive access: Perhaps you have procmail installed and they can send themself mail, so they can execute anything thay want. If they have write-access to some dir, which is not mounted no-exec, they can but there something to execute, they can thereby start programms there. Or you have installed some php, which is configuated in a way they can run programms they want from there. Then they may start some xterm and have an shell as nowhere and get interactiv-user-access by su giving an other shell to execute. And there might be many other possibilities, one had to check to ensure this. Hochachtungsvoll, Bernhard R. Link
