Re: [SLUG] Limiting terminal access to root

From: Matthew Rogers (matt@runithard.com)
Date: Tue Mar 11 2008 - 21:17:57 EST


IF you are going to want to limit USERS only to an application WHY IN
THE HEAVENS would you use OS level authentication? It's like you're trying
to use PAM but you don't want PAM to work.

If you just want to give them SFTP access then use :/usr/lib/sftp-server.

So to better answer your question... just have a root user on the system
and system accounts (with the /bin/false) for shells and control
application level authentication at that level.

I run a couple of mail servers, Dovecot uses its own passwd file for
that very reason (well and for vmail). I authenticate at the application
level so the user can't get into the system's internals.

That's my 2 cents....

--Matthew Rogers

Eben King wrote:
> On Tue, 11 Mar 2008, Logan Tygart wrote:
>
>> On Tue, 2008-03-11 at 11:33 -0500, Rich Morgan wrote:
>>> Hey guys and gals, an interesting forum question was posted by a friend
>>> of mine and I'd like to get your take on it: How do you limit access to
>>> the command line to just root? That is to say, not allow a user account
>>> to access a terminal at all.
>>
>> Just set their shell to /bin/false.
>
> Would that interfere with terminal emulators that want to start a login
> shell?
>
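
A check for the setup discussed in this thread, added here as an example and not part of any poster's message: it reads a passwd-format file and lists every account other than root whose shell field would still give it a command line. The function names, the `NOLOGIN_SHELLS` list and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for non-root accounts that can
# still reach a command line.
# Assumption: shells in this list are treated as "no terminal"; adjust locally.
NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin /sbin/nologin /usr/lib/sftp-server"

# interactive_accounts PASSWD_FILE
# Prints "user:shell" for each non-root account whose shell is not in the list.
interactive_accounts() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) blocked[d[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF != 7 {                               # passwd(5) entries have 7 fields
            print "skipping malformed line " NR > "/dev/stderr"; next
        }
        $1 == "root" { next }                   # root is meant to keep its shell
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"  # empty field means /bin/sh
            if (!(shell in blocked)) print $1 ":" shell
        }
    ' "$1"
}

# write_sample_passwd FILE
# Constructed sample data, not taken from any real system.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
vmail:x:5000:5000:mail store:/var/vmail:/bin/false
upload:x:1001:1001:sftp only:/home/upload:/usr/lib/sftp-server
alice:x:1002:1002:Alice:/home/alice:/bin/bash
bob:x:1003:1003:Bob:/home/bob:
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
interactive_accounts "$sample"
rm -f "$sample"
```

On a live system, pass `/etc/passwd` as the argument; accounts held only in an application's own password file, as described for Dovecot above, never appear there.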