Date: Mon, 5 Mar 2001 21:27:04 -0500 (EST)
From: Adam <bsdx@looksharp.net>
To: "Riley J. McIntire" <rjmcintire@earthlink.net>
Cc: "Aaron D.Gifford" <agifford@infowest.com>, <freebsd-security@FreeBSD.ORG>
Subject: RE: ftp access
Message-ID: <Pine.BSF.4.33.0103052126390.13417-100000@turtle.looksharp.net>
In-Reply-To: <NCBBLBILEPCHLFJAPIIPIEMEFFAA.rjmcintire@earthlink.net>
On Thu, 1 Mar 2001, Riley J. McIntire wrote:

>> -----Original Message-----
>> From: owner-freebsd-security@FreeBSD.ORG
>> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Aaron D.Gifford
>> Sent: Thursday, March 01, 2001 9:02 AM
>> To: freebsd-security@FreeBSD.ORG
>> Subject: RE: ftp access
>
>>
>> I would caution folks from putting /sbin/nologin into /etc/shells
>> in order to
>> create FTP-only accounts. I would instead suggest you create a link to
>> /sbin/nologin and call it something like /sbin/ftponly and put
>> THAT shell in
>> your /etc/shells file and use it as the shell for your FTP-only users.
>
>Would this be a problem?
>
>root@aji# lls /sbin/ftp_only
>-rwxr-xr-x 1 root wheel - 48 Mar 1 13:23 /sbin/ftp_only*
>
>root@aji# cat /sbin/ftp_only
>echo This account is for ftp only
>ftp localhost
>root@aji# grep ftp_only /etc
>
>root@aji# grep ftp /etc/shells
>/sbin/ftp_only
>
>Then a telnet would show the motd and:
>
>This account is for ftp only
>Connected to localhost.
>220 aji.wilshire.net FTP server (Version 6.00LS) ready.
>Name (localhost:username):

What happens if they have a valid ftp account, login, and run !sh ?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
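An audit for the problem raised in this reply, as an added example that is not part of the original thread: it flags entries in an `/etc/shells`-style file that are scripts starting an interactive program with a shell escape. The function names, the program list, the `ftp_notice` variant and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Flags entries in an /etc/shells-style
# file that are scripts starting an interactive program with a shell escape.

# Assumption: illustrative, non-exhaustive list of such programs
# ("!" in ftp, ":!" in vi, "!" in more and less).
ESCAPE_PROGS='ftp|vi|ex|ed|more|less|man|mail'

# risky_commands FILE: print non-comment lines that run one of ESCAPE_PROGS,
# optionally via "exec" or a path prefix. Exit status 0 if any were found.
risky_commands() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -E "^[[:space:]]*(exec[[:space:]]+)?([^[:space:]]*/)?($ESCAPE_PROGS)([[:space:]]|\$)"
}

# audit_shells SHELLS_FILE: print "RISKY <shell>: <line>" for each listed
# shell that contains such a command. Listed files are read as text.
audit_shells() {
    while IFS= read -r shell; do
        case $shell in ''|'#'*) continue ;; esac
        [ -f "$shell" ] || continue
        hits=$(risky_commands "$shell") || continue
        printf 'RISKY %s: %s\n' "$shell" "$hits"
    done < "$1"
    return 0
}

# Constructed sample: the ftp_only script quoted above, next to a
# hypothetical variant that prints the notice and exits without
# starting any client.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/ftp_only" <<'EOF'
echo This account is for ftp only
ftp localhost
EOF
cat > "$demo/ftp_notice" <<'EOF'
#!/bin/sh
echo This account is for ftp only
exit 1
EOF
printf '%s\n' "# constructed shells file" "$demo/ftp_only" "$demo/ftp_notice" > "$demo/shells"

audit_shells "$demo/shells"
```

On a real system the argument would be `/etc/shells`; compiled shells are not inspected by this text match.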