If you don't want somebody to be able to log in set their shell to
/bin/false

If you want them to log in but be restricted chroot their account with
limited stuff you want them to run. Also set their shell to a restricted
shell such as /bin/ash or /bin/rbash. 

Rbash is very restrictive no cd no redirectors, no adding stuff to SHELL
or PATH, no orrted paths (/bin/ will not work). There are even more
restrictions. See page 254 in the O'Reilly bash book for more info.

On Fri, 2002-04-12 at 13:01, der.hans wrote:
> moin, moin,
> 
> is there a way to reliably allow only scp?
> 
> Also, what about a very restricted shell? I want to be able to say explicity
> what they're allowed to run. The specific commands will actually be sudo
> stuff.
> 
> ciao,
> 
> der.hans
> -- 
> #  This line intentionally left blank.
> #  If you're not learning, you're not living. - der.hans
> 
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss