From: Anthony Schneider (anthony_at_x-anthony.com)
Date: Mon Jan 20 2003 - 17:51:52 CST


    statically linked? is /sbin/nologin not a shell script anymore?

    -Anthony.

    On Mon, Jan 20, 2003 at 02:56:09PM -0800, David Schultz wrote:
    > Thus spake zhuravlev alexander <zaaulstu.ru>:
    > > On Mon, Jan 20, 2003 at 12:13:23PM +0200, Oleg Shevtsov wrote:
    > > >
    > > > Hi,
    > > > how to give specific user FTP but no shell access?
    > > > Ftpd's manual says:
    > > > 4. The user must have a standard shell returned by
    > > > getusershell(3).
    > > > But I don't want to give shell account.
    > >
    > > /sbin/nologin ?
    >
    > If you do it this way, you need to ensure that either the
    > ``FTP-only'' users do not have home directories or that
    > /sbin/nologin is statically linked (the default). Otherwise, it
    > is possible to exploit a bug (ahem, feature) in OpenSSH to gain
    > shell access on your box.
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

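An added example, not part of the original thread: a small audit for the two conditions David Schultz names (no home directory, or a statically linked /sbin/nologin), which also answers whether the shell is a script. The function names are hypothetical, and treating an ELF file with no PT_INTERP program header as statically linked is an assumption of this sketch.

```python
import os
import struct

PT_INTERP = 3  # ELF program header type that names the run-time loader

def classify_shell(data):
    """Classify a shell's file image: 'script', 'dynamic-elf', 'static-elf' or 'unknown'."""
    if data[:2] == b"#!":
        return "script"
    if data[:4] != b"\x7fELF" or len(data) < 0x40:
        return "unknown"
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    if data[4] == 2:                          # EI_CLASS: 2 = 64-bit header layout
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:                                     # 32-bit header layout
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    if phnum == 0:
        return "unknown"                      # no program headers: not an executable
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return "unknown"                  # truncated image: do not guess
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "dynamic-elf"              # asks for a run-time loader
    return "static-elf"                       # assumption: no PT_INTERP means static

def audit(passwd_text, shell_kind, home_exists=os.path.isdir, shell="/sbin/nologin"):
    """Return users whose login shell is `shell` and who fail both conditions:
    the shell is not a static binary AND their home directory exists."""
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or fields[-1] != shell:
            continue
        # home and shell are the last two fields in passwd and master.passwd alike
        if shell_kind != "static-elf" and home_exists(fields[-2]):
            flagged.append(fields[0])
    return flagged

if __name__ == "__main__":
    with open("/sbin/nologin", "rb") as fh:
        kind = classify_shell(fh.read())
    with open("/etc/passwd") as fh:
        print(kind, audit(fh.read(), kind))
```

An empty list means every account using /sbin/nologin meets at least one of the two conditions from the thread.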