I'd recommend you use /sbin/nologin in the shell this will deny the
users access but allow pop login. /bin/false can also be used but in
this case, smrsh enabled commands will not run. Also think about how you
would enable password change in case user does not have a login. Either
provide it thro' a web based application or make the shell itself
/bin/passwd. Then every time the user logs in, he can only change his
password and sesion closes.
Mohan
-----Original Message-----
From: ilugc-admin@xxxxxxxxxxxxxxxxxx
[mailto:ilugc-admin@xxxxxxxxxxxxxxxxxx] On Behalf Of Suraj Kumar
Sent: 25 July, 2002 11:43 AM
To: V.Ramanathan
Cc: ilugc@xxxxxxxxxxxxxxxxxx
Subject: Re: [Ilugc] Deny Shell access
hi,
V.Ramanathan wrote on Thu, Jul 25, 2002 at 11:17:44AM +0800:
vr> I do not want the clients to telnet the server and to deny the shell
vr> access. How it could be possible?
If you wanted to deny telnet itself, you can stop telnet service. This
depends on how telnetd runs on your machine. Typically this is run as an
[x]inetd service. man inetd, xinetd for more details.
If you wanted to run telnetd and yet deny certain ppl alone from logging
in you can change the login shells of the ppl that you wish to deny to
/bin/true or something. man chsh for more details.
-Suraj
--
+----------------------------------------------<suraj@xxxxxxxxxxxxxx>--+
| Do not be a slave to liquor; those who ignore this |
| edict, do not count in the reckoning of the wise |
| (abjuring liquor - 2), Thirukkural |
+--<http://www.symonds.net/~suraj/>------------------------------------+
_______________________________________________
To unsubscribe email Ilugc-request@xxxxxxxxxxxxxxxxxx with "unsubscribe"
in the subject or body of the message.
http://www.aero.iitm.ernet.in/mailman/listinfo/ilugc
