[luau] restricting directory access

Eric Hattemer hattenator at imapmail.org
Sat Apr 27 16:45:23 PDT 2002 

This is USC's "ftp-only" shell.
#!/usr/bin/sh -
#
# $Header: /usr/usc/etc/admshells/RCS/ftp-only,v 1.4 1994/05/31 20:26:15
mcooper Exp $
#
# login shell for ftp users - allows only password change to be done
#
PATH=/usr/bin:/usr/sbin:/usr/ucb
SHELL=/bin/sh
IFS=
readonly PATH SHELL IFS

# SigINT=2  SigQUIT=3
# readonly SigINT SigQUIT
# trap exit $SigINT $SigQUIT

host=`hostname`

cat <<EOF

Your account is only authorized ftp access into $host or one of of the
choices listed below.  If you feel this is in error, please send email
to "-edited out-".

EOF

echo -n '
  1. Change your password.
  0. Exit

Enter choice: '
read choice

if [ "$choice" -eq 0 ]; then
    exit
fi

if [ "$choice" -eq 1 ]; then
    echo '
Your new password should be 6 to 8 characters long and consist of
alphanumeric
characters.  The password you choose:
 1. should not be a word found in the dictionary
 2. should not be derived from any publicly available information about you
    (such as your name, or some permutation thereof)
 3. should contain at least one non-alphabetic character and one capitalized
    alphabetic character
'
    count=0
    while [ $count -lt 8 ]; do
        if passwd; then
            break
        else
            count=`expr $count + 1`
        fi
    done
fi

----- Original Message -----
From: "Warren Togami" <warren at togami.com>
To: <luau at videl.ics.hawaii.edu>
Sent: Saturday, April 27, 2002 3:27 PM
Subject: Re: [luau] restricting directory access


>
> ----- Original Message -----
> From: "MonMotha" <monmotha at indy.rr.com>
> To: <luau at videl.ics.hawaii.edu>
> Sent: Saturday, April 27, 2002 9:13 AM
> Subject: Re: [luau] restricting directory access
>
>
> > HTTP should be faster than SSH because it doesn't have the overhead of
> > encryption.  However, if you still want to allow SSH access, you could
> > set the user up with no shell (like /bin/false or something, make sure
> > it's in /etc/shells though) and then have them only use sftp or scp.
> >
> > --MonMotha
>
> Have you tried this?  To my knowledge scp and sftp don't work if you set
> their shell this way.  It didn't work when I tried it a month or two ago.
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>

More information about the LUAU mailing list