Re: ProFtpd question

To: <rsnyder@toontown.erial.nj.us>, debian-security@lists.debian.org
Subject: Re: ProFtpd question
From: Jean-Marc Boursot <jmb@ankeo.org>
Date: Wed, 27 Jun 2001 19:39:10 +0200
Message-id: <[🔎] 01062719391002.00460@endymion>
In-reply-to: <[🔎] 20010627130714.B929@toontown.erial.nj.us>
References: <[🔎] 01062606151500.00902@yoga> <[🔎] 01062702492003.00666@endymion> <[🔎] 20010627130714.B929@toontown.erial.nj.us>

On Wednesday 27 June 2001 19:07, rsnyder@toontown.erial.nj.us wrote:
>
> And if I'm not mistaken, if they are somehow now able to execute the
> chsh command, then they have a valid shell account they can log in
> to. :-(
>
> While they shouldn't be able to run chsh, or the equivalent, putting
> their shell in /etc/shells puts them that much closer to an account.

Yep but "false" (or "true") is NOT a shell. So they won't be able to 
execute chsh and change their login shell to a real one.

Moreover, I think it's a good idea to disable ftp for people with a 
"real" valid shell (ie only include pseudo shells in /etc/shells) as it 
isn't a secure protocol.

JM

Reply to:

Follow-Ups:
- Re: ProFtpd question
  - From: "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de>
- Re: ProFtpd question
  - From: Kevin van Haaren <kevin@vanhaaren.net>

References:
- ProFtpd question
  - From: Luc MAIGNAN <dirtech@winxpert.com>
- Re: ProFtpd question
  - From: Jean-Marc Boursot <jmb@ankeo.org>
- Re: ProFtpd question
  - From: <rsnyder@toontown.erial.nj.us>

Prev by Date: strange openssh error
Next by Date: Re: ProFtpd question
Previous by thread: Re: ProFtpd question
Next by thread: Re: ProFtpd question
Index(es):
- Date
- Thread