Quote: Originally Posted by omonoiatis9
Well, if you set /bin/false as the initial shell for a user, of course he will not log in. The point is that the user can connect to the server through this shell but not get to command line. And before you mention anything about restricted shells, I also tried it with rksh and the user can still bypass his .profile and get command line.

You're too fixated on preventing a user from "bypassing his .profile".
You can't stop that. And you can't control what's in a user's .profile in the first place.
And even if a user gets to a command line, he can't perform any operations he couldn't perform without command line access.
Operations on objects such as files or directories are done by system calls to the kernel. Whether they're allowed or not depends on the operation and the permissions given to that object for the user making the system call. WHERE that system call comes from is irrelevant. The kernel doesn't care if it comes from the bash or the boogersnot executable.
You can't really give someone a little bit of a login, although you can use a restricted shell to restrict things somewhat.
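
The permission check described in the reply above, as an added example that is not part of the original post: a simplified Python model of the classic owner/group/other mode-bit decision, plus a hypothetical helper `writable_by` that audits a directory tree for what a given uid can write. It assumes plain mode bits only (no root or capabilities, POSIX ACLs or LSMs such as SELinux), and the uids, gids and modes in the sample are constructed.

```python
import os
import stat

R, W, X = 4, 2, 1  # permission bits within one rwx class


def dac_allows(mode, file_uid, file_gid, uid, gids, want):
    """Simplified model of the classic Unix owner/group/other check.

    Exactly one class is consulted: owner if the uid matches, else group
    if one of the caller's gids matches, else other. The calling program
    is not an input. Ignores root/capabilities, ACLs and LSMs (assumption).
    """
    perms = stat.S_IMODE(mode)
    if uid == file_uid:
        bits = (perms >> 6) & 7
    elif file_gid in gids:
        bits = (perms >> 3) & 7
    else:
        bits = perms & 7
    return (bits & want) == want


def writable_by(root, uid, gids):
    """List paths under root whose mode bits grant write to uid/gids.

    Does not model search permission on parent directories.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access checks
            if dac_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, W):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: uid 1001 in group 100 against three files.
    for mode, fu, fg in [(0o640, 0, 100), (0o604, 1001, 100), (0o066, 1001, 100)]:
        verdict = "read" if dac_allows(mode, fu, fg, 1001, {100}, R) else "denied"
        print(oct(mode), fu, fg, verdict)
```

The third sample shows that only one class is consulted: the owner is denied by mode 066 even though group and other are granted access.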