Create a user account with a home directory of /dev/null and a shell that does not permit logins, such as /bin/false or /dev/null.
Set the user's shell to one that does not permit logins, such as /bin/false or /dev/null.
Note: your FTP server may require that the user's shell is listed in the /etc/shells file.
Add the user's account name into /etc/ftpusers.
Set the user's shell to a restricted shell such as /bin/rksh or /bin/rsh.
This prevents:
1. Use of the cd command
2. Setting or changing the PATH variable
3. Specifying a command or filename containing a slash (/) -- only filenames in the current directory can be used
4. Using output redirection (> or >>).
Add the following to /etc/profile:
if [ -n "`groups | grep {group_name}`" ] ; then
    echo "Users from group {group_name} cannot login to this machine."
    exit 1
fi
This would restrict telnet and rsh access for users using Bourne shell or Korn shell. C shell users would still be able to access the machine.
Thanks to Augustus Carter for sending the following method of restricting C shell, Bourne shell, and Korn shell access on Solaris systems.
The following will restrict the C Shell as well as Bourne and Korn shells under Solaris 2.6, 7, 8, and 9 systems:
Create a text file called:
/etc/su_users.txt
This will have any entries of usernames like this:
luke
hans
leia
Add the following code to the /etc/profile file:
# 04-26-2002 - Restricts telnet and ssh access for batch user accounts
# Bourne (sh) and Korn (ksh) shell users use the script in the /etc/profile file
# C (csh) shell users use the script in the /etc/.login file
# The /etc/su_users.txt file contains the list of batch accounts.
# TTY is the current terminal name in the form shown by w (for example pts/3)
TTY=`tty | awk -F/ '{printf ($3"/"$4)}'`
# USER_TTY is the user that w reports as logged in on that terminal
USER_TTY=`w | awk '($2=="'$TTY'"){print $1}'`
for USERID in `cat /etc/su_users.txt`
do
    if [ "$USER_TTY" = "$USERID" ]
    then
        echo
        echo Interactive logins for the $USER_TTY user are disabled.
        echo Please login with your user id and do a su - $USER_TTY.
        echo
        exit
    fi
done
Add the following code to the /etc/.login file:
# 04-26-2002 - Restricts telnet and ssh access for batch user accounts
# Bourne (sh) and Korn (ksh) shell users use the script in the /etc/profile file
# C (csh) shell users use the script in the /etc/.login file
# The /etc/su_users.txt file contains the list of batch accounts.
set TTY=`tty | awk -F/ '{printf ($3"/"$4)}'`
set USER_TTY=`w|awk '{if ($2=="'$TTY'") print $1}'`
foreach USERID (`cat /etc/su_users.txt`)
    if ( "$USER_TTY" == "$USERID" ) then
        echo
        echo Interactive logins for the $USER_TTY user are disabled.
        echo Please login with your user id and do a su - $USER_TTY.
        echo
        logout
    endif
end
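The group check in /etc/profile above uses grep, which matches substrings, so a group named ops would also match a member of devops only. The following is an added example, not part of the original page: exact-match helpers for the group test and for the /etc/su_users.txt list, in Bourne-compatible sh. The function names in_group and in_user_list and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: exact-match versions of the group and user-list checks.
# Function names and sample data are constructed for illustration.

# in_group GROUP "GROUP LIST"
# Returns 0 only if GROUP is a whole word in the space-separated list
# (the format printed by the groups command).
in_group() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# in_user_list USER FILE
# Returns 0 only if USER is the first word of a line in FILE.
# Blank lines and lines starting with '#' are skipped; an unreadable
# or missing FILE matches nobody.
in_user_list() {
    [ -r "$2" ] || return 1
    while read -r name rest || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;
        esac
        if [ "$name" = "$1" ]; then
            return 0
        fi
    done < "$2"
    return 1
}

# Demo on constructed data in the /etc/su_users.txt format.
demo_list=$(mktemp)
printf 'luke\nhans\n# retired accounts below\nleia\n' > "$demo_list"
for u in luke luk leia2; do
    if in_user_list "$u" "$demo_list"; then
        echo "$u: interactive login disabled"
    else
        echo "$u: not in list"
    fi
done
if in_group ops "staff devops"; then
    echo "ops matched"
else
    echo "ops not matched for a devops-only member"
fi
rm -f "$demo_list"
```

In /etc/profile, in_user_list would be called with the USER_TTY value derived from w as shown above, so that su - to a listed account keeps working.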