Hi,

I do have the following problem: I want users to have access to their homedir via FTP, but without shell-access (telnet, ssh) - however, I (as root) want to be able to su to the useraccount and execute programs. Which login shell do I have to use in /etc/passwd?

Best regards,
Peter Hinse
hinse@gmx.de

On Wed, 1 Nov 2000, Peter Hinse wrote:

> Hi,
>
> I do have the following problem: I want users to have access to their homedir via FTP, but without shell-access (telnet, ssh) - however, I (as root) want to be able to su to the useraccount and execute programs. Which login shell do I have to use in /etc/passwd?

Try /bin/false

> Best regards, Peter Hinse hinse@gmx.de

Stefan

... or (looks nicer) create a script /bin/nologin with:

#!/bin/sh
echo "Sorry you've no shell here :-("
echo "Contact root@x.z.y"
sleep 5

... and set /bin/nologin in /etc/passwd

-----Original Message-----
From: Stefan Suurmeijer [mailto:stefan@symbolica.nl]
Sent: Thursday, 2 November 2000 00:08
To: Peter Hinse
Cc: suse-security@suse.com
Subject: Re: [suse-security] login shell

On Wed, 1 Nov 2000, Peter Hinse wrote:

> Hi,
>
> I do have the following problem: I want users to have access to their homedir via FTP, but without shell-access (telnet, ssh) - however, I (as root) want to be able to su to the useraccount and execute programs. Which login shell do I have to use in /etc/passwd?

Try /bin/false

> Best regards, Peter Hinse hinse@gmx.de

Stefan

Boris Kantwerk wrote on Thu, 2 Nov 2000 at 00:28:

> ... or (looks nicer) create a script /bin/nologin with:
>
> #!/bin/sh
> echo "Sorry you've no shell here :-("
> echo "Contact root@x.z.y"
> sleep 5
>
> ... and set /bin/nologin in /etc/passwd

Don't do this. This causes a spawning of a shell, and that can be exploited. If you really need feedback, use

----- nologin.c -----
#include

Hi,

> #!/bin/sh
> echo "Sorry you've no shell here :-("
> echo "Contact root@x.z.y"
> sleep 5
>
> ... and set /bin/nologin in /etc/passwd

use 'ksh' with traps, or the C-code with some extension: deny the signals!

Regards,
--
Kis-Szabo Andras Budapest University of Technology and Economics
---------------------------/ Schonherz Dormitory kisza@sch.bme.hu
/---------------------------------33O-->>>>.Info

On Thu, 2 Nov 2000, Kis-Szabo Andras wrote:

hi,

> Hi,
>
> > #!/bin/sh
> > echo "Sorry you've no shell here :-("
> > echo "Contact root@x.z.y"
> > sleep 5
> >
> > ... and set /bin/nologin in /etc/passwd
>
> use 'ksh' with traps, or the C-code with some extension: deny the signals!

Why not use standard solutions? :)

It is very likely that bugs slip in when you begin to write more complex code yourself. And a login shell should be written carefully imho.

bye,
Sebastian

> Hi,
>
> I do have the following problem: I want users to have access to their homedir via FTP, but without shell-access (telnet, ssh) - however, I (as root) want to be able to su to the useraccount and execute programs. Which login shell do I have to use in /etc/passwd?

The /bin/false and that other shell suggestion are rather ... icky. You can use PAM! http://www.sysadminmag.com/ September archives.

> Best regards, Peter Hinse hinse@gmx.de

Kurt Seifried - seifried@securityportal.com
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/

participants (7)
- Bastian Friedrich
- Boris Kantwerk
- Kis-Szabo Andras
- Kurt Seifried
- Peter Hinse
- Sebastian Krahmer
- Stefan Suurmeijer