On Tue, Mar 14, 2006 at 04:00:29PM -0500, Andrew Cady wrote: > On Tue, Mar 14, 2006 at 08:32:06PM +0000, Arnór Kristjánsson wrote: > > How can I turn off shell access (through SSH) for certain users? > > If you want to disable all shell access (including local) then set the > user's login shell to something not in /etc/shells (/bin/false is a good > choice).
There are actually a few things which complain about shells that aren't in /etc/shells, so I usually add /bin/false to that list. Setting a user's shell to /bin/false still works, though. /bin/false immediately exits - so they can log in, but their "shell" exits as soon as they do, logging them right back out. (Not that /bin/false would allow them to do anything even if they were still logged in to it...) -- The freedoms that we enjoy presently are the most important victories of the White Hats over the past several millennia, and it is vitally important that we don't give them up now, only because we are frightened. - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
