-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 L.W. van Braam van Vloten wrote: > Hello group, > > Is there any objection against adding /bin/false to the file > /etc/shells? Most notably, are there any security considerations? > > I wish to create a user that can log in to my FTP server, but without > shell access. I can prevent the shell access by specifying /bin/false as > the user shell. But my ProFTPD server will only allow this user to log > in if /bin/false is present in /etc/shells. By default this is not the > case.
I do not have an authoritative answer. Personally, I do not see a problem. I have wu-ftp available here, and did some testing with it. Found the same problem here. Another thing that works is to use /bin/rbash as the shell. Assign restricted users to one group, then modify /etc/profile so that all members of that group get PATH="". Then they can login, but cannot do anything. Go one step farther, and put exit in the /etc/profile for that group, and they will login, but immediately logout again. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFh3ZBu4tRirKTPYwRAgyZAJ9aQowqUSEv4tCecFm7JdRbnfX/uQCeJVRz UUaNpCa5EEO/P98qhh1xJIk= =yVq/ -----END PGP SIGNATURE-----
begin:vcard fn:W Paul Mills n:Mills;W Paul org:The Mills Chaos In The USA adr:;;;Topeka;Kansas;;USA email;internet:[EMAIL PROTECTED] title:Electronics Technician note:Hint: remove -NOT x-mozilla-html:FALSE url:http://Mills-USA.com version:2.1 end:vcard