[Uncle Skeleton]

I'd like to have Remote Login turned on for myself, but off for everyone else. And I'd like to have ftp access turned on for everyone else. Is this possible?

[Xeo]

You should be able to use Netinfo Manager to set their default shells to /sbin/nologin and they won't be able to SSH in. They should still be able to use Terminal. I'm not sure how the default login script works though so you may need to manually change their Terminal preferences to use tcsh or something.

[Uncle Skeleton]

I did that and now the other user can't login with either ftp or remote login. Any other ideas?

[Brass]

Install tcpwrappers. This is the BEST security software for any TCP/IP services. You can specify exactly which users and which IP addresses and which DNS hosts can do which TCP protocols to your machine.

I've not used it on Mac OS X, but we use it on all our Solaris machines here. It is excellent!

BTW - it is free.

But you'll need to use the terminal and configure text files.

[gorgonzola]

Originally posted by Brass:
Install tcpwrappers. This is the BEST security software for any TCP/IP services. You can specify exactly which users and which IP addresses and which DNS hosts can do which TCP protocols to your machine.

I've not used it on Mac OS X, but we use it on all our Solaris machines here. It is excellent!

BTW - it is free.

But you'll need to use the terminal and configure text files.

Sounds like neat software, I'm going to take a look at it...thanks!

[Uncle Skeleton]

ok, I'm cool with following directions, but I have to have some direction first

is there a guide or something for tcpwrappers (also maybe a compiled version)?

[Deicide]

Just a note: TCP wrappers do not work on everything like AFP. For some reason Apple hasn't added it. So any service not wrapped will still be open. A workaround is to add rules to ipfw. I'm hopping apple adds TCPwrappers to AFP and also upgrades ipfw to version 2.