From owner-freebsd-security Thu Mar 1 13:51:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from mta5.snfc21.pbi.net (mta5.snfc21.pbi.net [206.13.28.241]) by hub.freebsd.org (Postfix) with ESMTP id 7255A37B718 for ; Thu, 1 Mar 2001 13:51:24 -0800 (PST) (envelope-from rjmcintire@earthlink.net) Received: from emilyd ([64.161.77.242]) by mta5.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with SMTP id <0G9J00BTXGFAVN@mta5.snfc21.pbi.net> for freebsd-security@FreeBSD.ORG; Thu, 1 Mar 2001 13:45:10 -0800 (PST) Date: Thu, 01 Mar 2001 13:45:11 -0800 From: "Riley J. McIntire" Subject: RE: ftp access In-reply-to: <01030110014400.06418@jardan.infowest.com> To: "Aaron D.Gifford" , freebsd-security@FreeBSD.ORG Message-id: MIME-version: 1.0 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset="iso-8859-1" Content-transfer-encoding: 7bit Importance: Normal X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Priority: 3 (Normal) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Aaron D.Gifford > Sent: Thursday, March 01, 2001 9:02 AM > To: freebsd-security@FreeBSD.ORG > Subject: RE: ftp access > > I would caution folks from putting /sbin/nologin into /etc/shells > in order to > create FTP-only accounts. I would instead suggest you create a link to > /sbin/nologin and call it something like /sbin/ftponly and put > THAT shell in > your /etc/shells file and use it as the shell for your FTP-only users. Would this be a problem? root@aji# lls /sbin/ftp_only -rwxr-xr-x 1 root wheel - 48 Mar 1 13:23 /sbin/ftp_only* root@aji# cat /sbin/ftp_only echo This account is for ftp only ftp localhost root@aji# grep ftp_only /etc root@aji# grep ftp /etc/shells /sbin/ftp_only Then a telnet would show the motd and: This account is for ftp only Connected to localhost. 220 aji.wilshire.net FTP server (Version 6.00LS) ready. Name (localhost:username): To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message