[ale] Restricting users to sftp

Jerald Sheets questy at gmail.com
Thu May 28 10:30:59 EDT 2015


You can use /etc/security/access.conf to eliminate shell altogether while allowing specific services on an ad-hoc basis.


Jerald Sheets
questy at gmail.com



> On May 28, 2015, at 10:24 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
> 
> No details emerge from my memory but I think there's a way to use PAM to
> decide what shell based on access method. By defining nologin as a
> default shell for all users that will also block pretty much everything.
> Maybe a really stripped down busybox with nothing more than ls and cd?
> 
> rssh is still in the main repo for Fedora 21. Yeah, not updated for a
> long time but looks stable enough.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.ale.org/pipermail/ale/attachments/20150528/9f300402/attachment.sig>


More information about the Ale mailing list