SUMMARY: password and login restrictions under dUNIX enhanced security

From: Larry Schafer <larry_at_condor.stcloudstate.edu>
Date: Tue, 23 Dec 1997 10:19:58 -0600 (CST)

I had written:

> I'm running dUNIX v4.0B with enhanced security. There's a couple of
> things I knew how to do under ULTRIX that I haven't figured out how to
> do yet under dUNIX.
>
> First, I'd like to be able to lock a password. Not prevent a user from
> logging in, but have it so that a particular account has to use the
> password given to him/her without being able to change it via the passwd
> command.
>
> Second, I'd like to set up an account with ftp access, but without login
> access.
>
> Anybody know how to do either of these things under dUNIX v4.0B with
> enhanced security? Thanks in advance.
>
> -- Larry Schafer
> -- Academic Computer Services
> -- St. Cloud State Univ.


Thanks to Tom Webster and Lucio Chiappetti who gave me some options on
how to do this.


From Lucio Chiappetti-

  Don't know about enhanced security, but we have an ftp-only account,
  which has csh as shell, and in its home directory just a file .login
  containing the following three lines

onintr end
end:
logout

 
From Tom Webster-

If you have enhanced security turned on, you could try turning off all of
the password creation options for the user (security->password options),
make sure that the account isn't set to expire any time soon. I haven't
tried it, so it is a guess.

> Second, I'd like to set up an account with ftp access, but without login
> access.

It's pretty simple, assuming that you want a user who can roam the system
just like a normal user:

1. Set the user's shell to something that won't give them a shell (we
   use a little "C" program that I found on COAST which prints a message
   informing the user that this is an FTP only account and logs the attempt
   in the syslog), but you can also use something like /bin/false.
   
2. Make sure that the program you set the user's shell to is listed in
   /etc/shells. Ftpd will check this file to make sure that the user
   has a valid shell -- this is to prevent users with application specific
   shells from being able to ftp into the system.
   
If you want something a little more secure -- look at the wu-ftp daemon's
guest account system. You can set up separate areas for them away from the
normal ftp area, or create user or group access controlled areas to keep
the anonymous FTP users out of there.
Received on Tue Dec 23 1997 - 17:18:09 NZDT
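
The two steps in Tom Webster's reply interact: the shell must refuse logins and still be listed in /etc/shells, or ftpd rejects the account. The checker below is an added example, not part of the original messages or the program found on COAST; the no-login list, the path /usr/local/bin/ftponly and the sample data are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum acct { ACCT_BAD = -1, ACCT_LOGIN, ACCT_FTP_ONLY, ACCT_FTP_REFUSED };

/* Assumption: shells that never give a command line. /usr/local/bin/ftponly
   is a hypothetical path for a message-and-syslog program. */
static const char *NOLOGIN[] = { "/bin/false", "/usr/local/bin/ftponly", NULL };
/* Constructed /etc/shells contents, not taken from a real system. */
static const char SAMPLE_SHELLS[] = "/bin/sh\n/bin/csh\n/bin/false\n";

/* Return 1 if `shell` is a whole, uncommented line of /etc/shells text. */
static int listed(const char *shells, const char *shell)
{
    size_t n = strlen(shell);
    const char *p = shells;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len == n && p[0] != '#' && memcmp(p, shell, n) == 0)
            return 1;
        p += len;
        if (*p == '\n') p++;
    }
    return 0;
}

/* Classify one passwd line: name:pw:uid:gid:gecos:home:shell */
enum acct classify(const char *line, const char *shells)
{
    const char *shell = line;
    int colons = 0, i;
    char buf[256];
    for (; *line; line++)
        if (*line == ':') { colons++; shell = line + 1; }
    if (colons != 6) return ACCT_BAD;
    snprintf(buf, sizeof buf, "%s", shell);
    buf[strcspn(buf, "\n")] = '\0';
    if (buf[0] == '\0') strcpy(buf, "/bin/sh");  /* empty field means /bin/sh */
    if (!listed(shells, buf)) return ACCT_FTP_REFUSED; /* step 2 was skipped */
    for (i = 0; NOLOGIN[i]; i++)
        if (strcmp(buf, NOLOGIN[i]) == 0) return ACCT_FTP_ONLY;
    return ACCT_LOGIN;  /* listed, interactive shell: login and ftp both work */
}

int main(void)
{   /* Constructed passwd entry; prints 1 (ACCT_FTP_ONLY). */
    printf("%d\n", classify("ftpuser:*:201:15::/usr/users/ftpuser:/bin/false", SAMPLE_SHELLS));
    return 0;
}
```
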
