On Sat, Mar 25, 2000 at 05:51:06PM -0900, Adam Shand wrote:
> i'm not sure what your options are for samba as i haven't used it for a
> long time ...
>
> for ssh you have two ways. give them a shell which is useless (/bin/false
> or /bin/true or make your own, eg. /usr/local/bin/nossh). then when they
> log in they will be immediately logged out again. the other option is to
> use the "AllowGroups" option in the sshd_config file. create a group called
> ssh, and add it to the AllowGroups option and then only people in the ssh
> group will be able to log in.
>
> for ftp pretty much the only way to do this is via their shell. ftp will
> only allow people to login whose shell is listed in /etc/shells. give users
> you don't want to have ftp access a shell like /bin/false or
> /usr/local/bin/noftp and make sure that shell never gets added to
> /etc/shells. more advanced ftp daemons like proftpd or ncftpd may have
> other options allowing you to do this via groups like ssh but i've never
> investigated it.

usually ftp daemons support /etc/ftpusers, any user listed is denied ftp
access. the OpenBSD ftpd (the only safe one IMO) supports this via PAM
for the linux port. wu-ftpd also supports /etc/ftpusers but it gives out
root like candy, stay away :)

--
Ethan Benson
http://www.alaska.net/~erbenson/
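
An added example, not part of either post: a small audit that applies the two rules from this thread (the shell must be listed in /etc/shells, and the user must not be listed in /etc/ftpusers) to a passwd file and prints who would still get ftp access. The function names, the file-path parameters and the sample accounts are constructed for illustration; treating an empty shell field as /bin/sh is an assumption about the ftp daemon.

```shell
#!/bin/sh
# ftp_allowed PASSWD SHELLS FTPUSERS
# Prints each login name that passes both checks described in the thread:
#   1. its shell is listed in the shells file
#   2. it is not listed in the ftpusers deny file
ftp_allowed() {
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            # Load the valid shells, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") ok[line] = 1
            }
            # Load the denied users; a missing file means nobody is denied.
            while ((getline line < deny) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") denied[line] = 1
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            # Assumption: an empty shell field is treated as /bin/sh.
            sh = ($7 == "") ? "/bin/sh" : $7
            if ((sh in ok) && !($1 in denied)) print $1
        }
    ' "$1"
}

# Constructed sample data; point ftp_allowed at the real files to audit a host.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/usr/local/bin/noftp' \
        'carol:x:1002:1002::/home/carol:/bin/sh' \
        'dave:x:1003:1003::/home/dave:/bin/false' > "$d/passwd"
    printf '%s\n' '# valid login shells' '/bin/sh' '/bin/bash' > "$d/shells"
    printf '%s\n' 'root' 'carol' > "$d/ftpusers"
    ftp_allowed "$d/passwd" "$d/shells" "$d/ftpusers"
    rm -rf "$d"
}

demo
```

On a live system the call would be `ftp_allowed /etc/passwd /etc/shells /etc/ftpusers`; any system or service account in the output is one to review.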