RE: proftpd using nobody user with /bin/sh ?

To: "'Paolo Pantaleo'" <paolopantaleo@gmail.com>
Cc: <debian-user@lists.debian.org>
Subject: RE: proftpd using nobody user with /bin/sh ?
From: "micobros" <micobros@gmail.com>
Date: Thu, 29 Sep 2005 23:36:19 +0200
Message-id: <[🔎] 433c5d7b.62f5cbe3.0623.7cde@mx.gmail.com>
Reply-to: <micobros@gmail.com>
In-reply-to: <[🔎] 83e8215e0509290845b320174@mail.gmail.com>

Paolo sayed : "The daemon do not start a shell (that is started
when the user login)."

Ok, but i don't want ftp users to have any kind of access to shells, just
pure ftp connexions, that's all. 
Should I remove in /bin/sh for user nobody in /etc/password?

Mico.

-----Original Message-----
From: Paolo Pantaleo [mailto:paolopantaleo@gmail.com] 
Sent: jeudi 29 septembre 2005 17:45
To: admin@micobros.com
Cc: debian-user@lists.debian.org
Subject: Re: proftpd using nobody user with /bin/sh ?

2005/9/29, micobros <micobros@gmail.com>:
>
>
>
> Hello,
>
>
>
> Proftpd is launched with user nobody. I was wondering why this user had to
> have a default shell set to /bin/sh. Is there any reason for that? Can I
> modify it to /bin/false? Is it a security problem to have a service like
> Proftpd (running standalone) running with the default shell to /bin/sh?
>
>
>
>
>
> Chears,
>
>
>
>
>
> Mico.

When you run a daemon it changes his user id to something (in this
case it is nobody) so it can get the privileges of that user. The user
id change is done in the same process(that will eventually fork, but
this doesn't matter). The daemon do not start a shell (that is started
when the user login).

PAolo

Reply to:

References:
- Re: proftpd using nobody user with /bin/sh ?
  - From: Paolo Pantaleo <paolopantaleo@gmail.com>

Prev by Date: simplified -- Re: GRUB woes (install to hde)
Next by Date: Re: GRUB woes (install to hde)
Previous by thread: Re: proftpd using nobody user with /bin/sh ?
Next by thread: How to enable SNMP TCP/Ip input/output counters
Index(es):
- Date
- Thread