Date: Wed, 28 Feb 2001 12:49:54 +0700 (JAVT)
From: Q Yai QQ
To: Carroll Kong
Cc: Roelof Osinga, freebsd-security@FreeBSD.ORG
Subject: Re: ftp access

Hi guys,

I tried to chpass a user's shell, to change his shell to /sbin/nologin.
It works, but when I access via ftp, the server does not allow me in.
Just for a second I get in, then it disconnects very fast.
What's wrong?

Thanks for your response.

On Wed, 28 Feb 2001, Carroll Kong wrote:

> At 05:47 AM 2/28/01 +0100, Roelof Osinga wrote:
> >Rob Simmons wrote:
> > >
> > > /sbin/nologin as the user's shell. You also have to add this shell to
> > > /etc/shells
> >
> >Alas, no.
> >
> >Not on 4.2 anyway. Just today - ok, technically yesterday, but who's
> >counting? - I realized that the client was right after all. He could
> >not log in indeed. Due to /sbin/nologin.
> >
> >When using regular ftpd. Using ProFTPd no problem.
> >
> >Ah, as a matter of fact, I was using inetd. Haven't tried
> >daemon mode with 4.2 yet. Who knows? There might be hope, still.
> >
> >Roelof
>
> That is odd. The reason why ftpd does not work is because........ man ftpd
> shows
>
> 4. The user must have a standard shell returned by
> getusershell(3).
>
> So, man getusershell shows
>
> The getusershell() function returns a pointer to a legal user shell as
> defined by the system manager in the file /etc/shells. If /etc/shells is
> unreadable or does not exist, getusershell() behaves as if /bin/sh and
> /bin/csh were listed in the file.
>
> This is very odd, unless I am forgetting something I did, I JUST
> did this with a client two days ago on 4.2-STABLE. Telnet results in "not
> authorized" or something like that, and ftpd lets them in happily. Same
> user name and all. Please look it over, I am outright positive it
> works! (ok, maybe 99.99999% sure). What is the error message? User
> denied? Check man ftpd for that list of "reasons why ftpd would tell your
> user to go away".
>
> -Carroll Kong
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

riki@unila.ac.id
visit my homepage and sign my guestbook
http://unilanet.unila.ac.id/~qq
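An added example, not part of the original thread and not FreeBSD's own code: a small Python model of the shell check quoted above from ftpd(8) and getusershell(3), run over constructed passwd entries to show which accounts pass with `/sbin/nologin` absent from `/etc/shells`, present in it, and with the file missing. The function names, the sample data, the simplified `/etc/shells` parsing and the treatment of an empty shell field as `/bin/sh` are assumptions of this example.

```python
# Added example: model of the ftpd shell rule ("the user must have a standard
# shell returned by getusershell(3)"). Not FreeBSD source code.
FALLBACK_SHELLS = ["/bin/sh", "/bin/csh"]  # used when /etc/shells is missing/unreadable


def legal_shells(shells_text):
    """Return the shells listed in /etc/shells-style text (None = file missing)."""
    if shells_text is None:
        return list(FALLBACK_SHELLS)
    shells = []
    for line in shells_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then split on whitespace
        if fields and fields[0].startswith("/"):  # simplified: one absolute path per line
            shells.append(fields[0])
    return shells


def ftp_shell_check(passwd_text, shells_text):
    """Map each login name to True if its shell passes the getusershell() rule."""
    allowed = set(legal_shells(shells_text))
    result = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry, skip it
        # Assumption: an empty shell field is treated as /bin/sh.
        result[fields[0]] = (fields[6] or "/bin/sh") in allowed
    return result


# Constructed sample data, not taken from any real system.
PASSWD = """\
alice:*:1001:1001:Alice:/home/alice:/bin/csh
ftponly:*:1002:1002:FTP only:/home/ftponly:/sbin/nologin
"""
SHELLS_WITHOUT_NOLOGIN = "# List of acceptable shells\n/bin/sh\n/bin/csh\n"
SHELLS_WITH_NOLOGIN = SHELLS_WITHOUT_NOLOGIN + "/sbin/nologin\n"

if __name__ == "__main__":
    for label, shells in [("nologin not listed", SHELLS_WITHOUT_NOLOGIN),
                          ("nologin listed", SHELLS_WITH_NOLOGIN),
                          ("/etc/shells missing", None)]:
        print(label, ftp_shell_check(PASSWD, shells))
```

Under this model the `ftponly` account passes the check only when `/sbin/nologin` appears in the shells list.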