Date: Thu, 01 Mar 2001 08:18:31 +0100 From: Roelof Osinga <roelof@eboa.com> To: Matt Piechota <piechota@argolis.org> Cc: Rob Simmons <rsimmons@wlcg.com>, George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG Subject: Re: ftp access Message-ID: <3A9DF7C7.FF9361C2@eboa.com> References: <Pine.BSF.4.31.0102281426470.457-100000@cithaeron.argolis.org>
Matt Piechota wrote:
>
> On Tue, 27 Feb 2001, Rob Simmons wrote:
>
> > /sbin/nologin as the user's shell. You also have to add this shell to
> > /etc/shells
>
> I thought the idea of nologin was to deny access. Wouldn't you want to
> copy nologin to /sbin/ftponly (or something) and put that in /etc/shells?
> That way you have 3 steps: telnet+ftp (tcsh, bash, etc), ftp only
> (/sbin/ftponly), and no access (/sbin/nologin).
Well, there is nologin and then there is nologin.
nisse:/usr/local/www# apropos nologin
login_auth(3), -(3) - auth_checknologin, auth_cat authentication style support library for login class capabilities database
nologin(5) - disallow logins
nologin(8) - politely refuse a login
so we got nologin(5):
DESCRIPTION
Nologin disallows logins if the file /var/run/nologin exists. Programs
display the contents of /var/run/nologin to the user and exit.
and we got nologin(8):
DESCRIPTION
Nologin displays a message that an account is not available and exits
non-zero. It is intended as a replacement shell field for accounts that
have been disabled.
Besides that we, of course, also got login(1):
If the file /var/run/nologin exists, login displays its contents to the
user and exits. This is used by shutdown(8) to prevent users from log-
ging in when the system is about to go down.
as well as ftpd(8):
The file /var/run/nologin can be used to disable ftp access. If the file
exists, ftpd displays it and exits. If the file /etc/ftpwelcome exists,
ftpd prints it before issuing the ``ready'' message. If the file
/etc/ftpmotd exists, ftpd prints it after a successful login. Note the
motd file used is the one relative to the login environment. This means
the one in ~ftp/etc in the anonymous user's case.
So in general you are right. The goal of nologin is to define nologin.
However, that having been said, there is a slight difference between
getting one's cake/login and eating (or not getting as the case might
be) one's cake/login.
In itself there is much to be said for having a nologin binary
which disallows logins, yet also having a ftpd which disallows
logins provided the user's shell is not a valid one as per
/etc/shells. Thus one can have one's cake - i.e. disallowing shell
access - whilst eating it too - i.e. allowing ftp access.
In your stated case, providing - say - bash as shell allows both
shell and ftp access; providing nologin+shell allows ftp access
and, last but not least, providing just nologin allows nada. In
the latter case providing /nada/niente serves the same purpose
whilst keeping the previous door opened.
Anyway, that's the theory as I understand it. The practice
however... ;)
Roelof
--
It's a dogs life @ http://cairni.com/
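The three-tier scheme discussed in this thread (full access, ftp-only via a nologin copy listed in /etc/shells, no access), written out as an added audit script that is not part of the original post or of FreeBSD. It assumes the behaviour the quoted man pages describe: ftpd accepts an account only when its shell is listed in /etc/shells, login(1) simply execs the shell (so nologin or a non-existent path refuses), and /var/run/nologin shuts both doors. The passwd extract, the shells file, the list of "refusing" shells (nologin and the /sbin/ftponly copy) and the nologin-file path are all constructed for the example and written to a temp directory so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD. Classifies
# accounts as full / ftp-only / shell-only / none from the shell field,
# following the rules the quoted man pages describe. All inputs below
# are constructed samples, not the real system files.

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SHELLS="$WORKDIR/shells"          # stands in for /etc/shells
PASSWD="$WORKDIR/passwd"          # stands in for /etc/passwd
NOLOGIN_FILE="$WORKDIR/nologin"   # stands in for /var/run/nologin

# Constructed /etc/shells: /sbin/ftponly (a copy of nologin) is listed so
# that ftpd accepts accounts using it, while /sbin/nologin is not listed.
cat > "$SHELLS" <<'EOF'
/bin/sh
/bin/csh
/sbin/ftponly
EOF

# Constructed passwd extract (user:pass:uid:gid:gecos:home:shell).
# /bin/sh is used for the full-access account so the exec check holds on
# any POSIX system; /nada/niente is the deliberately bogus shell.
cat > "$PASSWD" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/sbin/ftponly
carol:*:1003:1003:Carol:/home/carol:/sbin/nologin
dave:*:1004:1004:Dave:/home/dave:/nada/niente
EOF

# Shells known to be nologin(8) or renamed copies of it (assumption: the
# admin maintains this list alongside /etc/shells).
REFUSING_SHELLS="/sbin/nologin /sbin/ftponly"

# shell_of USER -> prints the login shell field, empty if no such user
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "$PASSWD"
}

# in_shells SHELL -> true if SHELL is listed in the shells file (ftpd's test)
in_shells() {
    grep -qx -- "$1" "$SHELLS"
}

# refuses_login SHELL -> true if SHELL is nologin or a copy of it
refuses_login() {
    for r in $REFUSING_SHELLS; do
        [ "$r" = "$1" ] && return 0
    done
    return 1
}

# classify USER -> prints one of: full, ftp-only, shell-only, none
classify() {
    sh=$(shell_of "$1")
    [ -n "$sh" ] || { echo "none"; return; }
    # The shutdown-time switch: if the nologin file exists, both ftpd and
    # login display it and exit, whatever the shell says.
    if [ -e "$NOLOGIN_FILE" ]; then echo "none"; return; fi
    if in_shells "$sh"; then ftp=yes; else ftp=no; fi
    # login(1) execs the shell: a nologin copy exits non-zero, a missing or
    # non-executable path cannot be run at all.
    if refuses_login "$sh" || [ ! -x "$sh" ]; then interactive=no; else interactive=yes; fi
    case "$ftp/$interactive" in
        yes/yes) echo "full" ;;
        yes/no)  echo "ftp-only" ;;
        no/yes)  echo "shell-only" ;;   # real shell not listed in /etc/shells
        *)       echo "none" ;;
    esac
}

# report -> one "user<TAB>class" line per account in the passwd extract
report() {
    awk -F: '{ print $1 }' "$PASSWD" | while read -r u; do
        printf '%s\t%s\n' "$u" "$(classify "$u")"
    done
}

report
```

Run against a real box by pointing SHELLS, PASSWD and NOLOGIN_FILE at /etc/shells, /etc/passwd and /var/run/nologin and filling REFUSING_SHELLS with the nologin copies actually installed; the "shell-only" class is the one worth reviewing, since it marks accounts whose shell works interactively but is missing from /etc/shells.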
