Re: Allow FTP in, but not shell login
On Tue, 13 Mar 2001, Kenneth Pronovici wrote:
> I have a situation where I've volunteered to host a few webpages for
> some users. They're at a university and are having problems getting timely
> access to their organizational websites on their school's server. Anyway,
> I'm happy to be the host, but I want these people to be able to FTP in ONLY,
> without interactive access. I want to do this specifically for a set of
> users, not for all users on the machine.
I think this could be quite hard to achieve. Setting the shell to
something non-interactive will disallow normal login.

But the users will still have many rights that might allow them nasty
things, including getting interactive access:

Perhaps you have procmail installed and they can send themselves mail,
so they can execute anything they want. If they have write access to some
dir which is not mounted no-exec, they can put something there to
execute and thereby start programs there.

Or you have installed some PHP which is configured in a way that they can
run programs they want from there. Then they may start some xterm and have
a shell as nowhere and get interactive user access by su, giving another
shell to execute.

And there might be many other possibilities one would have to check to
ensure this.

Respectfully,
Bernhard R. Link
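
An added example, not part of the original message: a small audit of accounts meant to be FTP-only, checking three of the points raised above (non-interactive shell, home directory on a noexec mount, mail-delivery hook files). The passwd and mount lines, the user names and the `audit` helper are constructed for illustration.

```python
import os

NON_INTERACTIVE = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
MAIL_HOOKS = (".procmailrc", ".forward")  # files that let mail delivery run programs

# Constructed sample input in /etc/passwd and /proc/mounts format.
SAMPLE_PASSWD = """\
alice:x:1001:1001::/srv/ftp/alice:/bin/false
bob:x:1002:1002::/home/bob:/bin/false
carol:x:1003:1003::/srv/ftp/carol:/bin/bash
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
/dev/sda3 /srv/ftp ext4 rw,nosuid,nodev,noexec 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, option_set)] from /proc/mounts-style text."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], set(f[3].split(","))) for f in rows if len(f) >= 4]

def mount_for(path, mounts):
    """Pick the mount whose mountpoint is the longest prefix of path."""
    best = ("", set())
    for mp, opts in mounts:
        prefix = mp.rstrip("/") + "/"
        if (path == mp or path.startswith(prefix)) and len(mp) >= len(best[0]):
            best = (mp, opts)
    return best

def audit(passwd_text, mounts_text, users, exists=os.path.exists):
    """Return (user, finding) pairs for accounts intended to be FTP-only."""
    mounts, findings = parse_mounts(mounts_text), []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or f[0] not in users:
            continue
        name, home, shell = f[0], f[5], f[6]
        if shell not in NON_INTERACTIVE:
            findings.append((name, "interactive shell " + shell))
        mp, opts = mount_for(home, mounts)
        if "noexec" not in opts:
            findings.append((name, "home on %s is not mounted noexec" % mp))
        for hook in MAIL_HOOKS:
            if exists(os.path.join(home, hook)):
                findings.append((name, hook + " present"))
    return findings

if __name__ == "__main__":
    fake_files = {"/home/bob/.procmailrc"}  # constructed: stands in for the real filesystem
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_MOUNTS, {"alice", "bob", "carol"}, fake_files.__contains__):
        print(user + ": " + finding)
```

A clean result here only covers these three checks; other routes such as the PHP configuration mentioned above still have to be reviewed separately.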