[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: restricted accounts
- To: misc_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: Re: restricted accounts
- From: dgjs_(_at_)_acm_(_dot_)_org
- Date: Sat, 16 Sep 2000 16:25:52 -0700 (PDT)
- Reply-to: dgjs_(_at_)_acm_(_dot_)_org
On 16 Sep, Benjamin Ellis wrote:
> How can I make a user account on my machine (OpenBSD 2.7) in which a user
> can ftp and have read/write access to his home directory, but not be able to
> have shell access? I tried setting the user's shell to '/usr/bin/false'
> which allowed them to log in and download, but they didn't have access to
> Does anyone have a solution?
Use 'sh', 'ksh', or 'bash' in restricted mode for their shells. From
the 'ksh' man page:
A shell is ``restricted'' if the -r option is used or if either the base-
name of the name the shell was invoked with or the SHELL parameter match
the pattern ``*r*sh'' (e.g., ``rsh'', ``rksh'', ``rpdksh'', etc.). The
following restrictions come into effect after the shell processes any
profile and ENV files:
o The cd command is disabled.
o The SHELL, ENV, and PATH parameters cannot be changed.
o Command names can't be specified with absolute or relative paths.
o The -p option of the built-in command command can't be used.
o Redirections that create files can't be used (i.e., `>', `>|', `>>',
You'll have to do some work in setting up their '~/.profile' files and,
and PATH that contains only the programs you want them to run.
> Benjamin Ellis
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> Share information about yourself, create your own public profile at
Visit your host, monkey.org