Re: securing pop3

To: debian-security@lists.debian.org
Subject: Re: securing pop3
From: Ross Currie <ross@excess.org>
Date: Tue, 11 Feb 2003 13:30:54 -0500
Message-id: <[🔎] 1044988254.3e49415e3d455@mail.canadacast.ca>
In-reply-to: <[🔎] 20030210230825.63271818.vincenzo@dagods.org>
References: <[🔎] 20030210215657.68115c3b.vincenzo@dagods.org> <[🔎] Pine.LNX.4.33.0302101623290.9508-100000@router.windsormachine.com> <[🔎] 20030210230825.63271818.vincenzo@dagods.org>

Quoting vincenzo <vincenzo@dagods.org>:

> On Mon, 10 Feb 2003 16:26:03 -0500 (EST)
> Mike Dresser <mdresser_l@windsormachine.com> wrote:
> 
> > That lets you in just fine unfortunately.
> > 
> > mdresser:x:1000:1000:Mike Dresser,,,:/home/mdresser:
> > 
> > x:~# login
> > x login: mdresser
> > Password:
> > Last login: Mon Feb 10 16:23:51 2003 on pts/1
> > Linux x 2.4.20 #1 SMP Sun Feb 2 22:20:23 EST 2003 i686 unknown
> > You have mail.
> > mdresser@x:~$
> 
> How can it be possible ? Doesn't the system normally check at the shell
> field value in /etc/passwd to look for the shell to use ?
> Is it using a default shell in the case where no shell value is specified
> ?
> 

quite right.
You'll want to put something like /bin/false in your passwd file as the user's
shell.
To change the default for new accounts you can edit /etc/adduser.conf

-ross

Reply to:

Follow-Ups:
- Re: securing pop3
  - From: "Janus N." Tøndering <janus@bananus.dk>

References:
- Re: securing pop3
  - From: vincenzo <vincenzo@dagods.org>
- Re: securing pop3
  - From: Mike Dresser <mdresser_l@windsormachine.com>
- Re: securing pop3
  - From: vincenzo <vincenzo@dagods.org>

Prev by Date: Re: securing pop3
Next by Date: Re: securing pop3
Previous by thread: Re: securing pop3
Next by thread: Re: securing pop3
Index(es):
- Date
- Thread