On 11 Nov 2001 at 0:00, Emre Yildirim wrote: > I have a better idea. Just set his shell to /dev/null or /bin/passwd in > the passwd file. That way he can still FTP in, but when he tries to > telnet into the box, he will only get a "connection closed" or a "Enter > new password:" prompt.
I don't know for sure about RedHat (never used it), but on Debian and SuSE "/bin/false" exists for this purpose. /dev/null or /bin/passwd would of course work as long as you put them in /etc/shells, so that they are recognized as a valid shell. Many FTP-Servers check for the user having a valid shell before allowing to log in. If you obviously don't want your user to execute something on your server or see files he/she shouln't see, you'd better check your FTP- Server, too. FTP has commands to execute programs on the server, make sure they are disabled. Proftpd is a fairly good and configurable server that can be configured to let certain users access only certain directories. > If I was you, I wouldn't run telnet in the first place. Well, I agree ;-) Bye, Andreas