Hello,
Does anyone know
how one might disallow a user to logon to a secure shell but still allow them to
make a secure login for ftp (sftp)? I want this person to have ftp access but
not, specifically, have the ability to run passwd. I tried changing their shell
to a variety of bogus filenames (/dev/null, /bin/ftponly, both as an empty file
and as a symlink to /dev/null), and discovered at that point that sftp must
allow an ssh login to work. I can't block in hosts.deny or allow because this
user obtains an ip from the same dhcp pool we all do; denying by ip is no
good.
Any
ideas?
Thanks,
Michael
Salmons
