is the nologin shell available in AIX 5.2? I am familiar with the nologin shell in linux and restricting shell access but still allowing ftp etc. Can this be done in AIX? I have not been able to locate any documentation. Thanks in advance
I am not sure I am following your question, however on all the AIX systems I have ran over the years I have used /etc/ftpusers file as a deny users to ftp...
I have read of many ways to do this but this is the only one I have used.
...I use �smit users� and change the logs rights to stop telnet etc:
Is this user ACCOUNT LOCKED? false +
User can LOGIN? true +
User can LOGIN REMOTELY(rsh,tn,rlogin)? true +
is this were you are going?
Thanks for the reply, what is needed is a way for a user to be able to ftp into the server, but not telnet/ssh. I was under the understanding that if I set the 'user can login remotely' to false, they would not be able to ftp in. If this is incorrect or if you know of another way to set this up, please let me know. thanks
i am talking abit off the top of my head...
but you could set up a .profile that logs the user right out and make the perms on the file so that they can not mod etc. then as long as the account has ftp access i.e. no entery in /etc/ftpusers or what ever you have configured to block ftp access. I did something like this in the past however i was not using ssh or anything at the time. Thus i am not sure it will work in this case. sorry kind of a hoky way of locking down access.
PS i also echoed a smiple message in the .profile saying no access to this sytem...
exit
If you leave /etc/nologin file, no user other than root can login to that machine. To restrict shell access but ftp, I normall setup some shell scripts in the profile.
Even easier is to change the login shell in /etc/passwd to /bin/false this is not impeding ftp-access but disallows shell login in any form (rlogin, telnet, ssh, etc.)
bakunin