> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through ssh,
> some through ftpd, and some through samba. How can I turn off user
> access through ssh, but keep their account, and allow them access
> through ftp? Can I allow users access to shares through samba, and
> allow them to ftp in, but not ssh or telnet?

i'm not sure what your options are for samba as i haven't used it for a long time ...

for ssh you have two ways. give them a shell which is useless (/bin/false or /bin/true or make your own, e.g. /usr/local/bin/nossh). then when they log in they will be immediately logged out again. the other option is to use the "AllowGroups" option in the sshd_config file. create a group called ssh, and add it to the AllowGroups option and then only people in the ssh group will be able to log in.

for ftp pretty much the only way to do this is via their shell. ftp will only allow people to log in whose shell is listed in /etc/shells. give users you don't want to have ftp access a shell like /bin/false or /usr/local/bin/noftp and make sure that shell never gets added to /etc/shells.

more advanced ftp daemons like proftpd or ncftpd may have other options allowing you to do this via groups like ssh but i've never investigated it.

adam.
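
The two rules in the reply above (AllowGroups plus a useless shell for ssh, /etc/shells for ftp), worked through as an added example that is not part of the original message. The account data, the `USELESS_SHELLS` set and the function names are constructed for illustration; AllowGroups entries are matched as exact names only (no patterns), and Samba is not covered.

```python
# Constructed sample data; on a real host read /etc/passwd, /etc/group,
# /etc/shells and sshd_config instead.
PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/bin/false
dave:x:1004:2000::/home/dave:/bin/sh
"""
GROUP = "ssh:x:2000:alice,carol\n"
SHELLS = "# /etc/shells\n/bin/sh\n/bin/bash\n"
SSHD_CONFIG = "Port 22\n# AllowGroups wheel\nAllowGroups ssh\n"
USELESS_SHELLS = {"/bin/false", "/bin/true", "/usr/local/bin/nossh"}

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def allow_groups(sshd_config):
    """Collect group names from every AllowGroups line (keyword is case-insensitive)."""
    names = []
    for line in _lines(sshd_config):
        words = line.split()
        if words[0].lower() == "allowgroups":
            names.extend(words[1:])
    return names

def access_matrix(passwd, group, shells, sshd_config, useless=USELESS_SHELLS):
    """Return {user: {"ssh": bool, "ftp": bool}} under the two rules in the reply."""
    valid_shells = set(_lines(shells))
    allowed = allow_groups(sshd_config)
    groups = {}  # group name -> (gid, set of supplementary members)
    for line in _lines(group):
        name, _, gid, members = line.split(":")
        groups[name] = (gid, set(filter(None, members.split(","))))
    matrix = {}
    for line in _lines(passwd):
        user, _, _, gid, _, _, shell = line.split(":")
        # Membership counts via primary gid or the supplementary member list.
        in_group = any(g in groups and (groups[g][0] == gid or user in groups[g][1])
                       for g in allowed)
        matrix[user] = {
            # No AllowGroups line means no group restriction on ssh.
            "ssh": (not allowed or in_group) and shell not in useless,
            "ftp": shell in valid_shells,
        }
    return matrix
```

In the sample data, bob is the case asked about: his shell is listed in /etc/shells so ftp works, but he is not in the ssh group so sshd refuses him.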