james@engrss2.unl.edu (James Nau) (06/21/91)
Does anyone know of a way to invalidate a user so that a message is
displayed, and the user is logged off, and ftp access is disabled?
I've tried replacing the shell with a program that prints out a
message. Worked great. But that still allowed FTP access to the account.

The only alternative that I can see is to either a) change the password
on the account, or b) mark that password in /etc/passwd to be a "*".
Both of these will disable the account, but won't allow a message to be
printed.

Also, I'm running NIS, but that hasn't mattered (that I know of) for
what I've tried.

Thanks
James
james@engrs.unl.edu
jfh@rpp386.cactus.org (John F Haugh II) (06/24/91)
In article <1991Jun21.163259.6777@unlinfo.unl.edu> james@engrss2.unl.edu (James Nau) writes:
>Does anyone know of a way to invalidate a user so that a message is
>displayed, and the user is logged off, and ftp access is disabled?
>I've tried replacing the shell with a program that prints out a
>message. Worked great. But that still allowed FTP access to the account.

There is a file, /etc/shells, which lists the shells which a user may
have and be granted FTP access. The /etc/shells file was replaced by
the "shells" attribute in /etc/security/login.cfg and I suspect the
people in TCP/IP didn't get the message.

>The only alternative that I can see is to either a) change the password
>on the account, or b) mark that password in /etc/passwd to be a "*".
>Both of these will disable the account, but won't allow a message to be
>printed.

Create the file /etc/shells and add the names of the valid login shells
on separate lines. Your program shouldn't be listed, nor should the UUCP
and other "special" commands.
--
John F. Haugh II        | Distribution to      | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"UNIX signals are not interrupts. Worse, SIGCHLD/SIGCLD is not even a
UNIX signal, it's an abomination." -- Doug Gwyn
james@engrs.unl.edu (James Nau) (06/25/91)
In article <19397@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
>In article <1991Jun21.163259.6777@unlinfo.unl.edu> james@engrss2.unl.edu (James Nau) writes:
>>Does anyone know of a way to invalidate a user so that a message is
>>displayed, and the user is logged off, and ftp access is disabled?
>
>There is a file, /etc/shells, which lists the shells which a user may
>have and be granted FTP access. The /etc/shells file was replaced by
>the "shells" attribute in /etc/security/login.cfg and I suspect the
>people in TCP/IP didn't get the message.
>--
>John F. Haugh II | Distribution to | UUCP: ...!cs.utexas.edu!rpp386!jfh

This is just what I was looking for. Thanks!

As it turns out, /etc/shells is NOT needed. It is indeed the shells
attribute in /etc/security/login.cfg. My problem was that I had the
shell in there (mkuser requires it). Then, I'd try testing against
the same machine...

But removing my shell from the shells= attribute, then ftp'ing, did
indeed do as I wanted, i.e., no ftp access, a message printed out at
login, and the user logged off.

James
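
An audit of the setup the thread arrives at, added here as an example and not part of any of the posts above: it reads the shells attribute from login.cfg text and lists the accounts whose login shell is not in it, which per the thread are the accounts refused FTP. The sample data is constructed, /usr/local/bin/disabled is a hypothetical message-printing program, and treating an empty shell field as /bin/sh is an assumption.

```shell
#!/bin/sh
# Added example. All data below is constructed; /usr/local/bin/disabled is a
# hypothetical message-printing program used as a disabled account's shell.
LOGIN_CFG='usw:
        shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh
        maxlogins = 32'

PASSWD='root:!:0:0::/:/bin/ksh
james:!:201:1::/u/james:/bin/csh
olduser:!:202:1::/u/olduser:/usr/local/bin/disabled
uucp:!:5:5::/usr/lib/uucp:/usr/lib/uucp/uucico
nosh:!:203:1::/u/nosh:'

# Print each path from the comma-separated shells attribute, one per line.
# $1 = contents of /etc/security/login.cfg
valid_shells() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*shells[ \t]*=/ {
            sub(/^[ \t]*shells[ \t]*=[ \t]*/, "")
            n = split($0, a, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", a[i])
                if (a[i] != "") print a[i]
            }
        }'
}

# Print "user shell" for every passwd entry whose shell is not in the list.
# $1 = login.cfg contents, $2 = passwd contents
unlisted_accounts() {
    shells=$(valid_shells "$1" | tr '\n' ' ')
    printf '%s\n' "$2" | awk -F: -v list="$shells" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 7 {
            # Assumption: an empty shell field means the default /bin/sh.
            sh = ($7 == "") ? "/bin/sh" : $7
            if (!(sh in ok)) print $1, sh
        }'
}

unlisted_accounts "$LOGIN_CFG" "$PASSWD"
```

On a live system the two arguments would be the contents of /etc/security/login.cfg and /etc/passwd; a disabled account that does not show up in the output still has its shell listed in shells=, the situation James describes hitting.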