Bugtraq archives for 3rd quarter (Jul-Sep) 1996: Re: /etc/shells (was Re: procmail)
Re: /etc/shells (was Re: procmail)
Eugene Bradley (
ebradley
andromeda.rutgers.edu)
Thu, 8 Aug 1996 13:53:01 -0400
-----BEGIN PGP SIGNED MESSAGE-----
on Aug 8, der Mouse <mouseCollatz.McRCIM.McGill.EDU> writes:
[deletia]
# I can see only two solutions. One would be to make each service
# maintain its own list of users that are forbidden (or, alternatively,
# allowed); the other would be to extend the passwd database (or,
# equivalently, maintain a parallel database) so as to allow tagging each
# user with arbitrary flags like "ftp access allowed" or "mail forward to
# pipe forbidden".
#
# Anyone have any comments on either, or any other alternatives to
# suggest?
I kinda like der Mouse's latter idea. In fact, here are some ideas
for the flags that can be used in a passwd database that root can
edit in as necessary. I don't know if some UNIX OSes support this
feature currently in the form of kernel flags; this is an idea I have
off the top of my head.
Flag Attribute
- ---- ---------
chsh/nochsh do (not) allow the user to change shells via chsh
pipe/nopipe do (not) allow mail forwarding to a pipe
ftp/noftp do (not) allow the user to write/read dot files via
ftp
rhosts/norhosts do (not) allow ~/.rhosts to be created by the user
anon/noanon do (not) permit anonymous ftp file transfers to
a user's account
Let me know if this idea can be expanded on or has already been implemented.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMgopahskmjHS+zH1AQGqxQP/QUjLq6BsoDfie4n/S2ChjQ79NaHMeWN7
xbBkMzCccBmgrQpcEP5bO6bg0WXpXK3EX7/tBTlyIzqAYm9zRlrWsWXJbKDmwIaC
nbCTTUNTJHgsGY/MIrtcikc9lJMRdLXRyBx9g583CGoH1lZa2O4LXdMRR1Yy58Z/
7/uqtvwcWR0=
=gYfo
-----END PGP SIGNATURE-----
--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>
