[803] in linux-security and linux-alert archive
[linux-security] wu.ftp, ftpaccess, and /bin/false shell
daemon@ATHENA.MIT.EDU (Richard Jones)
Sun Jun 16 15:30:23 1996
Date: Thu, 6 Jun 1996 09:20:20 -0400 (EDT)
From: Richard Jones <sysgrad3@csc.albany.edu>
To: linux-security@tarsier.cv.nrao.edu
Hi.
I'm trying to use the wu.ftp ftpaccess file to set up a guestgroup whereby
users with listings in the /etc/passwd file can upload to certain
sections of a Linux-based web site. However, I'd like to deny these
people telnet access. In ftpaccess I use the line:
    guestgroup ftponly
ftponly is defined as a group in /etc/group and its users have
/etc/passwd entries that look like:
    ftponlyuser1:sladfkj:12:324:FTP ONLY:/usr/ftp/./user1s_ftp_dir/:/bin/false
This is straight out of O'Reilly's Managing Internet Info. Services.
This doesn't work for me, though. With a shell set to /bin/false a user
is not allowed to ftp login. Is this a Linux thing? The user can ftp
login with /bin/bash or some other viable shell, but this opens up telnet
ability to the user (I can't use /etc/hosts.deny because it's too coarse).
Any insights into this situation, or other ideas on how to achieve
full ftp access with no telnet access, are greatly appreciated.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard W. Jones sysgrad3@cnsunix.albany.edu
Distributed Systems Graduate Assistant SUNY Albany
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
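
Added example, not part of the original message: ftpd daemons derived from the BSD ftpd, wu-ftpd among them, refuse a login when the account's shell is not one returned by getusershell(), which reads /etc/shells. The Python code below audits guest-group accounts against that check; the passwd, group and shells contents are constructed samples, and NOLOGIN_SHELLS is an assumed list.

```python
# Constructed sample data (not from the original poster's system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftponlyuser1:x:12:324:FTP ONLY:/usr/ftp/./user1s_ftp_dir/:/bin/false
ftponlyuser2:x:13:100:FTP ONLY:/usr/ftp/./user2s_ftp_dir/:/bin/bash
"""
SAMPLE_GROUP = "users:x:100:\nftponly:x:324:ftponlyuser2\n"
SHELLS_BEFORE = "# /etc/shells\n/bin/sh\n/bin/bash\n"
SHELLS_AFTER = SHELLS_BEFORE + "/bin/false\n"

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin"}  # assumed no-login programs


def parse_shells(text):
    """Shells listed in /etc/shells-style text, comments and blanks dropped."""
    lines = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    return {ln for ln in lines if ln}


def group_info(group_text, name):
    """Return (gid, member names) for the named /etc/group entry."""
    for ln in group_text.splitlines():
        f = ln.split(":")
        if len(f) == 4 and f[0] == name:
            return f[2], {m for m in f[3].split(",") if m}
    raise KeyError(name)


def audit(passwd_text, group_text, guest_group, shells_text):
    """List (user, shell, ftp_ok, interactive) for each guest-group account."""
    gid, members = group_info(group_text, guest_group)
    shells = parse_shells(shells_text)
    rows = []
    for ln in passwd_text.splitlines():
        f = ln.split(":")
        if len(f) != 7 or not (f[3] == gid or f[0] in members):
            continue
        shell = f[6] or "/bin/sh"          # empty field means /bin/sh
        ftp_ok = shell in shells           # the check ftpd makes before login
        interactive = shell not in NOLOGIN_SHELLS
        rows.append((f[0], shell, ftp_ok, interactive))
    return rows


if __name__ == "__main__":
    for label, shells in (("before", SHELLS_BEFORE), ("after", SHELLS_AFTER)):
        for user, shell, ftp_ok, interactive in audit(
                SAMPLE_PASSWD, SAMPLE_GROUP, "ftponly", shells):
            print(label, user, shell,
                  "ftp:ok" if ftp_ok else "ftp:refused",
                  "shell-login:possible" if interactive else "shell-login:no")
```

Other programs such as chsh also consult /etc/shells, so a no-login shell listed there becomes a shell users may select for themselves.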