On Thu, Jan 31, 2002 at 03:44:08PM -0600, Jeffrey Forman wrote:
> Calling all samba gurus. I'm using samba right now as a basic file
> server for my home lan right now. I made it the PDC so now I can login
> to the domain from any windows machine on the network, authenticating
> back to the samba machine. But I am having one slight problem.
> All the users that want to login to the domain via the windows machines,
> also have to have an entry in the /etc/passwd file on the linux machine
> housing the samba server. This is what I get when I try to add a user
> "testuser" to the samba passwd file, but who is not present in
> /etc/passwd.
I created noshell users:
from /etc/passwd:
media:x:1002:1002:,,,:/home/media:/usr/local/bin/noshell
no shell is the following:
#include <stdio.h>
main() {
printf("\n\n\nThis account has been noshelled\n\n");
exit(1);
}
This doesn't log any attempted login but keeps the bad guys from
getting a shell. Note, that if they can edit their home directory they
could create a .forward containing shell commands or do some similar
attack to start running arbitrary things on the machine.
--
mailto:[EMAIL PROTECTED]
http://www.ece.utexas.edu/~thecap/
28 70 20 71 2C 65 29 61 9C B1 36 3D D4 69 CE 62 4A 22 8B 0E DC 3E
_______________________________________________
Siglinux mailing list
[EMAIL PROTECTED]
http://www.utacm.org/mailman/listinfo/siglinux
