On RedHat 7.2 (also on our Solaris servers), we allow our web site 
design team to upload content via SFTP on port 22.  Previously we used 
the standard FTP protocol (port 21).  With regular FTP uploads, the 
user's entry in the /etc/passwd file could contain a shell reference 
like "/bin/false" as long as that shell was defined in /etc/shells.  Now 
that we are using a secure protocol (SFTP), it seems to require that the 
user have a legitimate shell in the /etc/passwd file.  The problem this 
presents is that they can now log in using a standard SSH client.  I 
want to restrict their access so that they only have SFTP access, not 
shell access.

Any ideas on how I can use a non-legitimate shell in the /etc/passwd 
file but still allow SFTP sessions?

Shannon Merritt