Wrt /bin/false, I ran into such an exception: I installed freeradius on my ubuntu main server so my astaro gateway could authenticate people. They already had accounts on that host for email - all of them using /bin/false. I naively tried to use the freeradius plugin "unix password" (not the right name, but the gist is accurate.) freeradius would reject auth attempts due to 'invalid shell'. I ended up using the pam plugin and all was well...
-----Original Message----- From: Jan Owoc [mailto:jso...@gmail.com] Sent: Monday, October 29, 2012 11:24 AM To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] How to disable local/remote login, still allowing access to smb share? Hi Dmitry, On Mon, Oct 29, 2012 at 9:17 AM, Dmitry Kozhinov <d...@desktopfay.com> wrote: > I am still newbie to UNIX administration. Please advise. After setting > up a storage server (a number of smb shares, as described at > http://wiki.openindiana.org/oi/Using+OpenIndiana+as+a+storage+server), > I ended up having a number of users at my system, each one needed only > to access an smb share from a Windows client machine. How do I prevent > using these usernames/passwords to login locally or remotely to the > server, and only use them to access smb shares? I'm not a professional UNIX administrator, but the way I've seen it done is to set the logon shell for those users to "/bin/false". An alternative is "/usr/bin/passwd", so they can't get a logon shell, but they can "log on" to change their password. There are some things for which /bin/false doesn't work, but it might be enough for your needs [1]. [1] http://www.semicomplete.com/articles/ssh-security/ Jan _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
