Subject: Re: User Shell?
From: Bill Tihen -- TECHNOLOGY (bill@mail.tasis.ch)
Date: Wed May 17 2000 - 16:59:41 EDT
Students don't need ftp or telnet access. However, I
thought I remembered that netatalk required a "real"
shell. I thought if one used /dev/false then the
students would no longer be able to access their files
via netatalk. Netatalk access is very important. Has
this changed? I thought I just read about someone who
stumbled into this gotcha.
Bill
Quoting "Lancaster, David Matthew" <c4ng2@unb.ca>:
> or set their shells to /dev/false
> note that ftp access will fail too. (it checks if the
shell is valid, i.e.
> in /etc/shells)
>
> David Lancaster (506) 454-2167
> 690 Gregg Ct. Upper Apartment
> Fredericton, NB Canada E3B 4H5
> c4ng2@unb.ca "Don't anthropomorphize
computers, they hate that."
>
> On 17 May 2000, Peter Gutowski wrote:
>
> > >I would like to make my student file server so that
the
> > >students may not telnet in, but I understand that
> > >Netatalk requires a full login account. Will this
> > >change? Is there a way around this? I suppose I
could
> > >remove the telnet service. Any other ideas?
> >
> > Of course removing telnet service from inetd.conf
ensures that *nobody*
> (even you!) can telnet in.
> >
> > I would recommend using randnum authentication and
set an initial
> password for each user in the ~/.passwd file that is
*different* from the
> unix password (which you will _not_ reveal to them.)
Your other message
> referenced students having email accounts as well, in
which case this
> solution won't work.
> >
> > -Peter Gutowski
> >
> >
>
__________________________________________
TASIS (The American School In Switzerland)
Lugano-Montagnola, Switzerland
<http://www.tasis.ch/>
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:30:45 EST