Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Aaron D.Gifford (agiffordinfowest.com)
Date: Thu Mar 01 2001 - 11:01:44 CST
I would caution folks from putting /sbin/nologin into /etc/shells in order to
create FTP-only accounts. I would instead suggest you create a link to
/sbin/nologin and call it something like /sbin/ftponly and put THAT shell in
your /etc/shells file and use it as the shell for your FTP-only users.
Why? This gives you the ability to have FTP-only users yet retain the full
functionality of /sbin/nologin on other accounts (i.e. a mail-only account)
that you DON'T want to grant FTP access to.
Also if you're running SSH on the FTP server and you do NOT want your FTP
users to be able to do port forwarding (it can be dangerous to allow unless
you trust your FTP users greatly and trust that their cleartext passwords
won't traverse an untrusted network) you should probably disable it in your
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message