Date:      Tue, 19 Sep 1995 13:40:03 +0200
From:      Rob Simons <rob@Simplex.NL>
To:        questions@freebsd.org
Subject:   Re: POP Mailboxes
Message-ID:  <199509191140.NAA00882@Simplex.NL>


Cc: shorty@iii.net

| >On Fri, 15 Sep 1995 bmk@dtr.com wrote:
| 
| >> The same way you set up a "normal" mailbox.  popper simply reads the
| >> user's mail out of the mail spool.
| >
| >Which means if you don't want them to have logon accounts, you'll want to 
| >set their shell to /bin/false and their home directories to /tmp. Never 
| >done it on my FreeBSD machine, but I suspect this also means that you'll 
| >need to add /bin/false to /etc/shells.
| 
| Errmm.. Well, you could I spose, but if you leave it out, even if someone
| manages to put a copy of csh called false in the bin directory, he will
| still be denied access on the grounds of an invalid shell..

Well, as root you can specify any shell you like, no matter if it's in
the /etc/shells file or not. When the user logs on, he or she will just
get the shell you specified, not access denied on grounds of a false
shell.

It's indeed better to set the shell at something that *does* exist, e.g.
point it at /bin/sync or a home made shell which states "access denied
on these grounds: blah"

Don't ever put the shell you give them in /etc/shells, because then they
will have ftp access to your system. ftpd checks /etc/shells for valid
shells.  :-)

My /usr/local/bin/xsh is as follows:
/*
 * stupid shell for users who are kicked off the system.
 * 940724 - Rob.
 */

# include <stdio.h>
# include <stdlib.h>   /* exit() */

int main(void)
{
   printf("\n\n\tYou are denied access to this system, please contact\n");
   printf("\tyour local system administrator for details.\n\n");
/* In your case I might add:	*/
   printf("\tYou can only use the pop (email) server on this machine.\n");
/* end addition 		*/
   exit(0);
        /* obviously we won't get this far. */
   return 0;
}

compile it with 'cc -o xsh xsh.c' and move or copy it to /usr/local/bin,
point the user's shell to it, and make sure it's executable!
'chmod 111 /usr/local/bin/xsh'. Or any other combination of access
and rights you prefer.


- Rob.

/*--------------------------------------------------------------*\
/*   Rob Simons                      |  rob@simplex.nl          *\
/*   ------------  |  -------------  |  --------  |  -------    *\
/*   Novell Netware System Operator  |  UNIX system operator    *\
/*--------------------------------------------------------------*\
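
Added example, not part of the original message: a small audit that lists which accounts have a login shell present in the shells file, and so would pass the /etc/shells check the message attributes to ftpd. The function name, the sample accounts and the treatment of an empty shell field as /bin/sh are assumptions of this example; the input is expected in the 7-field passwd(5) format.

```sh
#!/bin/sh
# Added example, not from the original post. Prints "login<TAB>shell" for every
# account whose shell is listed in the shells file, i.e. the accounts that the
# /etc/shells check described above would accept.

ftp_capable_users() {   # usage: ftp_capable_users PASSWD_FILE SHELLS_FILE
    awk -F: '
        FILENAME == ARGV[1] {               # first file: the shells list
            sub(/#.*/, "")                  # drop comments
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if ($0 != "") valid[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }             # second file: passwd(5) lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # assumption: empty means /bin/sh
            if (shell in valid) print $1 "\t" shell
        }
    ' "$2" "$1"
}

demo() {    # constructed sample data, not real accounts
    d=$(mktemp -d) || return 1
    cat > "$d/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/csh
EOF
    cat > "$d/passwd" <<'EOF'
alice:*:1001:1001:Shell user:/home/alice:/bin/csh
popuser:*:1002:1002:POP only:/tmp:/usr/local/bin/xsh
nosh:*:1003:1003:Empty shell field:/tmp:
sync:*:1004:1004:Sync shell:/tmp:/bin/sync
EOF
    ftp_capable_users "$d/passwd" "$d/shells"
    rm -rf "$d"
}

demo
```

On a live system, run ftp_capable_users /etc/passwd /etc/shells and confirm that no POP-only account appears in the output.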



