Quoth Percival,
> I want to have easy freedom in limiting user access. I have killed
> telnetd, and only sshd. I want to allow some users access through
> ssh, some through ftpd, and some through samba. How can I turn off
> user access through ssh, but keep their account, and allow them access
> through ftp? Can I allow users access to shares through samba, and
> allow them to ftp in, but not ssh or telnet?

This doesn't really address the issue of keeping communications secure, and isn't an answer to all of your problems, but...

One way you can disallow SSH but allow FTP for a user is to change their login shell to something like /bin/false, and set /bin/false as a valid login shell in /etc/shells. This will allow them to SSH in, but won't actually let them have an interactive shell (i.e., they'll be bounced back out as soon as they have authenticated). Most FTP clients will only allow FTP logins if the user has a valid shell listed in /etc/shells, so FTP will still let them in if /bin/false is in /etc/shells.

As for Samba, I'm not so sure. I seem to recall there is something in the way of setting allowed users, but don't know the details off the top of my head. One way, if they are coming from predictable IPs, is to just put their IP in smb.conf's `allow hosts' line.

HTH,

cheers,
damon

--
Damon Muller ([EMAIL PROTECTED]) / It's not a sense of humor.
* Criminologist / It's a sense of irony
* Webmeister / disguised as one.
* Linux Geek / - Bruce Sterling
- Running Debian GNU/Linux: Doing my bit for World Domination (tm) -
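
An audit of the scheme described in the message above, as an added example that is not part of the original post: it reports, per account, whether the login shell gives an interactive session and whether an FTP daemon that checks /etc/shells would accept the user. The function name, verdict labels and sample accounts are constructed for illustration, and the list of non-interactive shells is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: the FTP daemon rejects users whose shell is not listed in
# /etc/shells; /bin/false and the nologin paths are non-interactive.

# classify_accounts PASSWD_FILE SHELLS_FILE
# Prints "user shell verdict" for every passwd entry.
classify_accounts() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the valid-shell list, skipping comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/[ \t]+$/, "", line)
                if (line != "" && line !~ /^#/) valid[line] = 1
            }
            close(shells)
            noshell["/bin/false"] = 1
            noshell["/usr/sbin/nologin"] = 1
            noshell["/sbin/nologin"] = 1
        }
        /^#/ || NF < 7 { next }
        {
            sh = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if ((sh in valid) && (sh in noshell)) v = "ftp-only"
            else if (sh in valid)                 v = "shell+ftp"
            else if (sh in noshell)               v = "no-shell,no-ftp"
            else                                  v = "shell,no-ftp"
            print $1, sh, v
        }
    ' "$1"
}

# Constructed sample data standing in for /etc/shells and /etc/passwd.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/shells" <<'EOF'
# constructed sample
/bin/sh
/bin/bash
/bin/false
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/false
carol:x:1003:1003::/home/carol:/usr/sbin/nologin
dave:x:1004:1004::/home/dave:/usr/local/bin/menu
EOF
classify_accounts "$demo/passwd" "$demo/shells"
```

On a live system, run it as `classify_accounts /etc/passwd /etc/shells`; only the `ftp-only` rows match the setup the message describes.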