 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Derek D. Martin writes: On Sat, 4 Sep 1999, John Chambers wrote: > So, just for the fun of it, I decided to ftp to the site and tell > ftpd that I was the POP-only user. It worked just fine. And I wasn't > in with any sort of restricted, anonymous permissions. I could cd to > /etc without problem, and could get a copy of any of the files there. > > Now, a logged-in user can do the same thing, of course, though it's > not quite as easy. But as I said, I'd gotten the impression that this > was being set up as an email-only account. Not hardly. This should not work! The ftp daemon is not supposed to allow login from users unless their default shell is in /etc/shells (which /bin/false should NOT be!) or I think it will allow /bin/sh and /bin/csh if /etc/shells does not exist or is empty. Check /etc/shells and see if /bin/false is in there... if it isn't, I have no idea why you could get in. Maybe the ftpd that whips with RH 6 is broken? Could be. I checked /etc/shells, and the 6 entries there are the usual suspects, not including /bin/false. I checked "man ftpd", and sure enough, it says that a user "must have a standard shell returned by getusershell(3)." Maybe I'll do a bit more testing with assorted logins, and see if I can learn more. - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
