>
> hi,
> I have this problem with my ftp sessions, I want
> my ftp users to have their telnet logging sessions disable.
> Because My ftp users can telnet my server and they can even
> access files which they are not suppose to do.
> How can I disable their telnet sessions so that
> they can't login anymore but they could still have ftp access
> using their account.
You want to set their "shell" to something that won't excute
commands or start a real shell, but which _is_ listed in /etc/shells.
Others have mentioned /bin/false. I've used a script something
like this (this was not on Linux but HP-UX, but I think it
can be adapted (maybe use /bin insteat of /usr/bin, I don't
know):
- - cut here - -
#!/usr/bin/csh -fe
unsetenv IFS
unset IFS
set path=( /usr/bin )
echo
echo '***********************************************************************'
echo User accounts on this system are only allowed ftp access, not telnet access.
echo Read http://www.example.com/ for more information
echo '***********************************************************************'
echo
/usr/bin/sleep 10
exit -1
#
- - cut here - -
(A short C program or perl script could do much the same thing.)
I made a similar script with a different message, and called it
/usr/bin/disabled and _didn't_ put it in /etc/shells. I used that
to turn off access.
Take a look at the effect on ssh and/or rlogin/rshell/rexec, too.
You don't want any "back doors" there.
I explicitly configured ssh to allow access from a short list of
staff users, and disabled the BSD r* protocols for security,
but I'm not sure this was all necessary.
--
Albert Lunde [EMAIL PROTECTED] (new address)
[EMAIL PROTECTED] (old address)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
