Date: Wed, 2 Apr 1997 18:56:16 -0500 (EST)
From: Intuitive Design Archive <archive@in-design.com>
To: Random Junk <jsd@gamespot.com>
Cc: "Lee Crites (AEI)" <leec@adam.adonai.net>, freebsd-questions@freebsd.org
Subject: Re: Users with no shells
Message-ID: <Pine.BSF.3.91.970402185502.7786A-100000@nero.in-design.com>
In-Reply-To: <199704022233.OAA01955@hudsucker.gamespot.com>

On Wed, 2 Apr 1997, Random Junk wrote:

> Lee Crites (AEI) writes:
> > I just tried to ftp to the user I was testing the scripts with, and as
> > soon as I entered the user name, I got back:
> >    530 User xxxxxx access denied.
> >    Login failed.
> >    Remote system type is UNIX.
>
> this works because the ftp daemon checks the file /etc/shells for a
> list of valid shells. if your script doesn't appear in /etc/shells,
> the user won't be able to ftp in with that account name.
>
> > Would a compiled program be more secure than scripts? I'm sort of
> > leaning in that direction because you can't 'read' an executable like
> > you can a script.
>
> true. you can probably make your nologin script not-world-readable
> though.
>
> ---jsd
>
> "Sanity is a one trick pony...you only get one trick: rational thinking...
> but when you're good and crazy,the sky's the limit!!" - The Tick.
>

How about giving them login.access put them there, then above that giving
them a shell like /bin/false? Is there anything wrong with this setup?

Intuitive Design Archive
http://www.in-design.com
archive@in-design.com
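
Added example, not part of the original thread: a small audit of the /etc/shells check described in the quoted reply, listing every account whose login shell is not in the shells file and which the ftp daemon would therefore refuse. The function name, the sample accounts and the path /usr/local/bin/nologin.sh are constructed for illustration; the shells-file parsing is simplified, and treating an empty shell field as /bin/sh is an assumption about the daemon.

```shell
#!/bin/sh
# ftp_shell_denied PASSWD_FILE SHELLS_FILE
# Prints "user:shell" for each account whose shell is absent from SHELLS_FILE.
ftp_shell_denied() {
    passwd_file=$1
    shells_file=$2
    awk -F: -v shells="$shells_file" '
        BEGIN {
            # Load the valid shells, dropping comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") valid[line] = 1
            }
            close(shells)
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed rows
        {
            # Assumption: an empty shell field is treated as /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in valid)) print $1 ":" shell
        }
    ' "$passwd_file"
}

# Constructed sample data: bob uses a hypothetical nologin script and
# carol uses /bin/false; neither shell is listed, so both are reported.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
# constructed sample shells file
/bin/sh
/bin/csh
EOF
    cat > "$dir/passwd" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/csh
bob:*:1002:1002:Bob:/home/bob:/usr/local/bin/nologin.sh
carol:*:1003:1003:Carol:/home/carol:/bin/false
dave:*:1004:1004:Dave:/home/dave:
EOF
    ftp_shell_denied "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a live system the call would be ftp_shell_denied /etc/passwd /etc/shells; any account that appears in the output but is meant to have FTP access needs its shell added to /etc/shells.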