[803] in linux-security and linux-alert archive


[linux-security] wu.ftp, ftpaccess, and /bin/false shell

daemon@ATHENA.MIT.EDU (Richard Jones)
Sun Jun 16 15:30:23 1996

Date: Thu, 6 Jun 1996 09:20:20 -0400 (EDT)
From: Richard Jones <sysgrad3@csc.albany.edu>
To: linux-security@tarsier.cv.nrao.edu


  Hi.

  I'm trying to use the wu.ftp ftpaccess file to set up a guestgroup whereby
users with listings in the /etc/passwd file can upload to certain 
sections of a Linux-based web site.  However, I'd like to deny these 
people telnet access.  In ftpaccess I use the line:

guestgroup ftponly 

ftponly is defined as a group in /etc/group and its users have 
/etc/passwd entries that look like:

ftponlyuser1:sladfkj:12:324:FTP ONLY:/usr/ftp/./user1s_ftp_dir/:bin/false

This is straight out of O'Reilly's Managing Internet Info. Services.  
This doesn't work for me, though.  With a shell set to /bin/false a user 
is not allowed to ftp login.  Is this a Linux thing? The user can ftp 
login with /bin/bash or some other viable shell, but this opens up telnet 
ability to the user (I can't use /etc/hosts.deny because it's too coarse).
   Any insights into this situation, or other ideas on how to achieve 
full ftp access with no telnet access are greatly appreciated. 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Richard W. Jones				   sysgrad3@cnsunix.albany.edu
Distributed Systems Graduate Assistant                             SUNY Albany
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
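
Added example, not part of the original message: ftpd implementations, wu-ftpd included, refuse a login when the account's shell is not one returned by getusershell(3), which reads /etc/shells. The sketch below audits guestgroup accounts for that condition and for the /./ chroot marker in the home directory; all file contents are constructed, /bin/ftponly is a hypothetical shell name, and matching by primary GID or group member list is an assumption.

```python
# Added example; every file body below is constructed sample data.
FTPACCESS = "class all real,guest *\nguestgroup ftponly\n"
GROUP = "users:x:100:\nftponly:x:324:ftponlyuser2\n"
PASSWD = (
    "alice:x:500:100:Alice:/home/alice:/bin/bash\n"
    "ftponlyuser1:x:12:324:FTP ONLY:/usr/ftp/./user1s_ftp_dir/:/bin/false\n"
    "ftponlyuser2:x:13:100:FTP ONLY:/usr/ftp/./user2s_ftp_dir/:/bin/ftponly\n"
)
# /bin/ftponly is a hypothetical no-login shell; /bin/false is deliberately absent.
SHELLS = "# constructed /etc/shells\n/bin/sh\n/bin/bash\n/bin/ftponly\n"

def guest_groups(ftpaccess):
    """Group names listed on 'guestgroup' lines of ftpaccess."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "guestgroup":
            names.update(fields[1:])
    return names

def audit_guests(ftpaccess, group, passwd, shells):
    """Map each guestgroup account to a list of configuration problems."""
    wanted = guest_groups(ftpaccess)
    gids, members = set(), set()
    for line in group.splitlines():
        f = line.strip().split(":")
        if len(f) == 4 and f[0] in wanted:
            gids.add(f[2])
            members.update(m for m in f[3].split(",") if m)
    listed = {s.strip() for s in shells.splitlines()
              if s.strip() and not s.lstrip().startswith("#")}
    report = {}
    for line in passwd.splitlines():
        f = line.strip().split(":")
        if len(f) != 7:
            continue
        name, gid, home, shell = f[0], f[3], f[5], f[6]
        # Assumption: guest status comes from primary GID or the member list.
        if gid not in gids and name not in members:
            continue
        problems = []
        if not shell.startswith("/"):
            problems.append("shell is not an absolute path")
        if shell not in listed:
            problems.append("shell not listed in /etc/shells")
        if "/./" not in home:
            problems.append("home has no /./ chroot marker")
        report[name] = problems
    return report
```
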
