From: Adam (bsdxlooksharp.net)
Date: Mon Mar 05 2001 - 20:27:04 CST

    On Thu, 1 Mar 2001, Riley J. McIntire wrote:

    >> -----Original Message-----
    >> From: owner-freebsd-securityFreeBSD.ORG
    >> [mailto:owner-freebsd-securityFreeBSD.ORG]On Behalf Of Aaron D.Gifford
    >> Sent: Thursday, March 01, 2001 9:02 AM
    >> To: freebsd-securityFreeBSD.ORG
    >> Subject: RE: ftp access
    >
    >>
    >> I would caution folks from putting /sbin/nologin into /etc/shells in order to
    >> create FTP-only accounts. I would instead suggest you create a link to
    >> /sbin/nologin and call it something like /sbin/ftponly and put THAT shell in
    >> your /etc/shells file and use it as the shell for your FTP-only users.
    >
    >Would this be a problem?
    >
    >rootaji# lls /sbin/ftp_only
    >-rwxr-xr-x 1 root wheel - 48 Mar 1 13:23 /sbin/ftp_only*
    >
    >rootaji# cat /sbin/ftp_only
    >echo This account is for ftp only
    >ftp localhost
    >rootaji# grep ftp_only /etc
    >
    >rootaji# grep ftp /etc/shells
    >/sbin/ftp_only
    >
    >Then a telnet would show the motd and:
    >
    >This account is for ftp only
    >Connected to localhost.
    >220 aji.wilshire.net FTP server (Version 6.00LS) ready.
    >Name (localhost:username):

    What happens if they have a valid ftp account, log in, and run !sh?
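
The concern raised in this reply, turned into an audit check; this is an added example, not part of the original message. It flags entries in a shells file that are wrapper scripts starting a program with a built-in shell escape. The `ESCAPE_PROGS` list, the function names and the sample tree built by `make_sample` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag entries in a shells file that are
# wrapper scripts launching a program with a built-in shell escape.

# Assumed list of interactive programs that offer a shell escape; extend as needed.
ESCAPE_PROGS='ftp telnet vi ex ed more less man mail'

# audit_shells SHELLS_FILE [ROOT]
# ROOT is an optional path prefix so the audit can run against a copy of a system.
# Prints one "<shell>: runs <prog>" line per finding.
audit_shells() {
    shells_file=$1
    root=${2:-}
    grep -Ev '^[[:space:]]*(#|$)' "$shells_file" | while read -r shell_path; do
        f="$root$shell_path"
        [ -f "$f" ] || continue
        # Text scripts contain no NUL bytes; skip compiled binaries.
        tr -d '\000' < "$f" | cmp -s - "$f" || continue
        for prog in $ESCAPE_PROGS; do
            # Match prog in command position (optionally with a path), ignoring comments.
            pat="(^|[;&|(]|exec[[:space:]])[[:space:]]*([^[:space:]]*/)?${prog}([[:space:];&|)]|\$)"
            if grep -v '^[[:space:]]*#' "$f" | grep -Eq "$pat"; then
                echo "$shell_path: runs $prog"
            fi
        done
    done
}

# make_sample: build a constructed test tree and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sbin" "$d/etc"
    # The wrapper from the quoted message.
    printf '%s\n' 'echo This account is for ftp only' 'ftp localhost' > "$d/sbin/ftp_only"
    # A constructed wrapper that only prints a notice and exits.
    printf '%s\n' '#!/bin/sh' 'echo This account is for ftp only' 'exit 1' > "$d/sbin/ftponly_msg"
    printf '%s\n' '# constructed shells file' '/sbin/ftp_only' '/sbin/ftponly_msg' > "$d/etc/shells"
    echo "$d"
}
```

On a live system, `audit_shells /etc/shells` runs the same check against the real file.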
