I would guess this is a pretty easy thing to do, but I haven't had luck finding anything on it...

I need a way to prevent a user from logging into X via g/k/xdm. Can anyone tell me how to do this?

i don't know about your computer, but with mine i use the x config program that comes with my cards drivers to select a group that are allowed to use X, (i use gentoo by the way), search thru /etc/group and you see groups for xdm and such, i think that might have something to do with what you want

I figured out how to do this...

I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.

The system in question uses gdm and gdm is smart enough to realize a user with a default shell of /bin/false is not supposed to login, so it prevents it.

While googling around for an answer for this, I read that xdm and kdm will allow a user with a default shell of /bin/false to login... so this will only work for gdm... but thats what I use, so its all good.

Another option to accomplish this on a Mandrake machine, or one with mdkKDM (mandrake's tweaked version of kdm) , is to prevent users from typing their names at the login screen and then hiding users that you don't want to hide. Then if you dont' want console access... throw a .bashrc file into their home dir and put a logout command in it, and then set the .bashrc to read only for the user...

I set the user's default shell to /bin/false. I didn't want the user to be able to login to the system at all, but still needed a valid username/password combo for a proftp server.
This means you just didn't ask the "right" question in the first place. If I knew your reason for wanting this I would have told you you should not use system authentication for just FTP logins. Since FTP uses cleartext authentication, isn't a flawless protocol (like some daemons), using an FTPD (like Vsftpd, Muddleftpd) that can handle separate authentication schemes cuts down the risk of people, one way or another, getting access to system authentication that way.

unSpawn-
I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.

Is there a way I can change the authentication method in Proftp so its not using system authentication then? Or do I need to use a different server to accomplish that?

I did ask the "right" question in this thread. I wasn't getting any response on it, so I thought I would try to narrow the problem down a bit.
Clear. If you mentioned that thread I wouldn't have written this.


Is there a way I can change the authentication method in Proftp so its not using system authentication then?
Sure. From the ProFTPD FAQ (ch. 7, user auth): Authentication methods supported: PAM, NIS, Indvidual passwd/group files for each virtual, SQL databases (etc, etc). Try PAM, check your PAM docs for pam_userdb. That's one of the basic and easy external auth methods Vsftpd uses too.

I prevent access to X by not having it installed, lol