On Saturday 24 July 2004 1:37 pm, Michael Sullivan wrote: > Or is there a safer way to allow them to change > their passwords? Hi, It seems that the main reason for your users to contact your server is for uploading/retrieving files right? They don't need shell access at all. You could change their shell on /etc/passwd (the last argument on each line) to /bin/false ...therefore they can only use SFTP which works fine if you're using a SSH Daemon. There are many sftp clients for Windows: FileZilla, CuteFTP etc. Hah? But how are they going to change their password? Without shell access I think there's no easy way...so forger about /bin/false. I would edit their .bashrc and place at the end two lines: passwd exit This way, as soon as they enter your server (with a ssh client) they will receive the passwd prompt..as soon as they change their password they're kicked out. There may be some security issues here but...it is much better than letting them inside your server. (On the .bashrc example..I did on my machine with another user...When I got the passwd prompt..I tried to do CTRL-C to see if I could get shell access...but I couldn't). HTH, Jorge
