seattlejim
asked on
Postfix mail accts & SSH/FTP access
I just want to know if there is a better way to do this. There must be.
Basically, I want to create several email acct and since I'm using Postfix the accts are Unix accts. Needless to say they are able to login to the server. Here is what I'm trying to accomplish and what I have done, but it seems like there should be a better way.
Obviously, check for mail, deny SSH access and possibly deny/allow FTP access into the server.
I have have created a couple test accts and changed the /etc/passwd file to reflect /sbin/nologin instead of /bin/bash. It seems to work. Still can check email and can't log into the server.
But it seems like there must be a better way. This is the first time to use Postfix as the mail server. In the past I have used Qmail.
Thanks for your suggestions.
Basically, I want to create several email acct and since I'm using Postfix the accts are Unix accts. Needless to say they are able to login to the server. Here is what I'm trying to accomplish and what I have done, but it seems like there should be a better way.
Obviously, check for mail, deny SSH access and possibly deny/allow FTP access into the server.
I have have created a couple test accts and changed the /etc/passwd file to reflect /sbin/nologin instead of /bin/bash. It seems to work. Still can check email and can't log into the server.
But it seems like there must be a better way. This is the first time to use Postfix as the mail server. In the past I have used Qmail.
Thanks for your suggestions.
majorwoo is right.
nologin is not present in all systems, altough.
then I use /bin/false as the shell, and I add it to /etc/shells.
just edit your /etc/passwd file and change their shell to the one majorwoo told you (/sbin/nologin) or if that shell does not exist, use /bin/false.
Regards
nologin is not present in all systems, altough.
then I use /bin/false as the shell, and I add it to /etc/shells.
just edit your /etc/passwd file and change their shell to the one majorwoo told you (/sbin/nologin) or if that shell does not exist, use /bin/false.
Regards
I tend to make the default shell for nologin users passwd - that way, they can change their passwords themselves without shell access.
yeah
/bin/false
/dev/null
/sbin/nologin
they will all serve the savme purpose in this case
(/deb/null is on almost every *nix system)
/bin/false
/dev/null
/sbin/nologin
they will all serve the savme purpose in this case
(/deb/null is on almost every *nix system)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. That makes a lot of sense.
useradd -s /sbin/nologin
then you dont have to go back and edit the password file