Sunday, May 18, 2003

Controlling login abilities

If you want the user to have full telnet/ftp/etc access, use a real shell in
/etc/passwd (as in /bin/bash)

Non-login access can be set by using /bin/true (because /bin/true is in /etc/shells)

No login and no FTP access by setting the shell as /bin/false
(because /bin/false is not in /etc/shells)

(note of the maintainer : in the latest case, the user can still have by
example POP3 access if there is a POP3 daemon, or access to other services
not doing a check of the user's shell)