Installing POP servers on linux?
John Chambers,,,781-647-1813
jc at trillian.mit.edu
Tue Sep 7 14:06:27 EDT 1999
Derek D. Martin writes:
On Sat, 4 Sep 1999, John Chambers wrote:
> So, just for the fun of it, I decided to ftp to the site and tell
> ftpd that I was the POP-only user. It worked just fine. And I wasn't
> in with any sort of restricted, anonymous permissions. I could cd to
> /etc without problem, and could get a copy of any of the files there.
>
> Now, a logged-in user can do the same thing, of course, though it's
> not quite as easy. But as I said, I'd gotten the impression that this
> was being set up as an email-only account. Not hardly.
This should not work! The ftp daemon is not supposed to allow login from
users unless their default shell is in /etc/shells (which /bin/false
should NOT be!) or I think it will allow /bin/sh and /bin/csh if
/etc/shells does not exist or is empty.
Check /etc/shells and see if /bin/false is in there... if it isn't, I
have no idea why you could get in. Maybe the ftpd that whips with RH 6 is
broken?
Could be. I checked /etc/shells, and the 6 entries there are the
usual suspects, not including /bin/false. I checked "man ftpd", and
sure enough, it says that a user "must have a standard shell returned
by getusershell(3)." Maybe I'll do a bit more testing with assorted
logins, and see if I can learn more.
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list