|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Phil Freed (url-securityfocus
freed.com)Date: Sun Jul 08 2001 - 23:19:34 CDT
At 05:15 PM 7/3/01 -0700, igor' spivak wrote:
>So, is it possible to have WS-Ftp validate users (not anonymous access), but
>the users can't login into the system through normal means? i tried to put
>shell script saying 'no login allowed' in the passwd file, as well as
>/dev/null, but that disables the ftp access.
Lots of folks have suggested adding /bin/false (or a non-existent file) to
/etc/shells. We use a _real_ shell for this purpose: it's a small program
called noshell. The advantage of this over /bin/false is that it logs
failed attempts. See
http://www.fish.com/titan/
The source (plus instructions for static compilation) used to be posted
separately, but the links to these seem to be dead. This means you'll have
to download the whole package to get this bit. But there's a bright side
to this: you'll find lots of useful security tips 'n scripts in this
package. It's worth reviewing.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]