
Re: Adding /bin/false to /etc/shells




L.W. van Braam van Vloten wrote:
> Hello group,
> 
> Is there any objection against adding /bin/false to the file
> /etc/shells? Most notably, are there any security considerations?
> 
> I wish to create a user that can log in to my FTP server, but without
> shell access. I can prevent the shell access by specifying /bin/false as
> the user shell. But my ProFTPD server will only allow this user to log
> in if /bin/false is present in /etc/shells. By default this is not the
> case.

I do not have an authoritative answer. Personally, I do not see
a problem.

I have wu-ftp available here, and did some testing with it. Found
the same problem here. Another thing that works is to use /bin/rbash
as the shell. Assign restricted users to one group, then modify
/etc/profile so that all members of that group get PATH="". Then
they can log in, but cannot do anything. Go one step farther, and
put exit in the /etc/profile for that group, and they will log in, but
immediately log out again.




W Paul Mills
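
The /etc/profile approach described in the reply above, sketched as an added example that is not part of the original message. The group name `ftponly` and the function names are assumptions made for illustration.

```shell
# Fragment intended for /etc/profile (added example, not from the original post).
# Assumption: restricted accounts use /bin/rbash and belong to the group "ftponly".
# Note: /etc/profile is read only by login shells, so this does not cover
# non-login invocations of the shell (for example "rbash -c ...").
RESTRICTED_GROUP="ftponly"

# Return 0 if the space-separated group list $1 contains $2 as an exact name.
# Exact matching matters: "ftponly-admins" must not count as "ftponly".
in_group() {
    for _g in $1; do
        [ "$_g" = "$2" ] && return 0
    done
    return 1
}

# Print the action for a user whose groups are $1.
# $2 is the mode for restricted users: "nopath" (empty PATH, the default)
# or "exit" (log out immediately). Unrestricted users get "none".
restriction_for() {
    if in_group "$1" "$RESTRICTED_GROUP"; then
        echo "${2:-nopath}"
    else
        echo "none"
    fi
}

# Apply the chosen action to the user who is logging in.
apply_restriction() {
    case "$(restriction_for "$(id -Gn)" "$1")" in
        nopath) PATH=""; export PATH ;;  # rbash then refuses to change PATH
        exit)   exit 0 ;;                # session ends right after login
    esac
}

# In /etc/profile, call one of:
#   apply_restriction nopath
#   apply_restriction exit
```
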

