From owner-freebsd-questions Wed Apr 2 15:56:23 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5)
    id PAA07426 for questions-outgoing; Wed, 2 Apr 1997 15:56:23 -0800 (PST)
Received: from nero.in-design.com (root@nero.in-design.com [204.157.146.146])
    by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA07419 for ;
    Wed, 2 Apr 1997 15:56:16 -0800 (PST)
Received: (from archive@localhost) by nero.in-design.com (8.8.5/8.8.5)
    id SAA07893; Wed, 2 Apr 1997 18:56:16 -0500 (EST)
Date: Wed, 2 Apr 1997 18:56:16 -0500 (EST)
From: Intuitive Design Archive
To: Random Junk
cc: "Lee Crites (AEI)" , freebsd-questions@freebsd.org
Subject: Re: Users with no shells
In-Reply-To: <199704022233.OAA01955@hudsucker.gamespot.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 2 Apr 1997, Random Junk wrote:

> Lee Crites (AEI) writes:
> > I just tried to ftp to the user I was testing the scripts with, and as
> > soon as I entered the user name, I got back:
> > 530 User xxxxxx access denied.
> > Login failed.
> > Remote system type is UNIX.
>
> this works because the ftp daemon checks the file /etc/shells for a
> list of valid shells. if your script doesn't appear in /etc/shells,
> the user won't be able to ftp in with that account name.
>
> > Would a compiled program be more secure than scripts? I'm sort of
> > leaning in that direction because you can't 'read' an executable like
> > you can a script.
>
> true. you can probably make your nologin script not-world-readable
> though.
>
> ---jsd
>
> "Sanity is a one trick pony...you only get one trick: rational thinking...
> but when you're good and crazy, the sky's the limit!!" - The Tick.
>

How about giving them login.access put them there, then above that giving
them a shell like /bin/false? Is there anything wrong with this setup?

Intuitive Design Archive
http://www.in-design.com
archive@in-design.com
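
The /etc/shells check described in the quoted reply, as an added example that is not part of the original thread: it classifies each account by whether an ftpd that validates the login shell against /etc/shells would accept it, and flags no-login shells that are themselves listed there. The sample file contents are constructed, and the function names, status labels and the NON_INTERACTIVE list are assumptions.

```python
"""Which accounts would an /etc/shells-checking ftpd accept?"""

# Constructed sample files (not from the original thread).
SAMPLE_SHELLS = """\
# List of shells
/bin/sh
/bin/csh
/usr/local/bin/bash
/sbin/nologin
"""
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/usr/local/bin/bash
mailonly:*:1002:1002:Mail only:/home/mailonly:/usr/local/bin/nologin.sh
svc:*:1003:1003:Service:/nonexistent:/sbin/nologin
noshell:*:1004:1004:Empty field:/home/noshell:
"""

# Shells that refuse interactive logins (assumed list; adjust per system).
NON_INTERACTIVE = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
# BSD ftpd falls back to /bin/sh when the shell field is empty.
DEFAULT_SHELL = "/bin/sh"


def parse_shells(text):
    """Return the set of absolute paths listed in /etc/shells content."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if line.startswith("/"):
            shells.add(line)
    return shells


def audit(passwd_text, shells_text):
    """Map each user to the outcome of the ftpd shell check."""
    valid = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        user, shell = fields[0], fields[-1] or DEFAULT_SHELL
        if shell not in valid:
            report[user] = "ftp-denied"  # the 530 case in the thread
        elif shell in NON_INTERACTIVE:
            report[user] = "ftp-allowed-but-no-login"  # listed anyway
        else:
            report[user] = "ftp-allowed"
    return report
```

On a live system, pass the contents of /etc/passwd and /etc/shells to `audit()` instead of the constructed samples.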