Talk:Invalid shell - Revision history

Jimbo at 03:20, 9 June 2006

2006-06-09T03:20:19Z

Jimbo: only if you need it to be

2006-06-09T03:19:07Z

only if you need it to be

Ninereasons at 16:30, 8 June 2006

2006-06-08T16:30:56Z

New page

==/etc/shells==
I wrote —
:''Obviously, you don't want an invalid shell to be listed in the database of standard shells (/etc/shells).''
— or do you? There seems to be a difference of opinion about this, and I'm undecided between them. My ISP's SunOS lists <code>ftponly</code> and <code>nologin</code> in <code>/etc/shells</code>. I've always listed these there, when I was running Linux. But the hazard is, it makes it possible for a non-root user to assign itself a non-standard shell, disabling the account - which only a super-user can fix.

On the other hand, some FTP daemons and database authentication schemes require a standard shell, at least by default, even if it is an invalid one and even if the service provides its own shell. What's your view? Should <code>/usr/sbin/nologin</code> be in the shells database? [[User:Ninereasons|Ninereasons]] 12:30, 8 June 2006 (EDT)

← Older revision		Revision as of 03:20, 9 June 2006
Line 8:		Line 8:
	== only if you need it to be ==		== only if you need it to be ==

−	If you're running an ftpd that refuses to allow logins unless the account has a valid shell, then <s>put the shell into /etc/shells</s> get a non-retarded ftpd. Seriously, that chaps my butt pretty badly... I mean, christ, the vast majority of the situations I WANT ftp for involve wanting to give ftp out ~~as an ALTERNATIVE to~~ shell access. If somebody's got a shell, what do they need FTP for? =) --[[User:Jimbo\|Jimbo]] 23:19, 8 June 2006 (EDT)	+	If you're running an ftpd that refuses to allow logins unless the account has a valid shell, then <s>put the shell into /etc/shells</s> get a non-retarded ftpd. Seriously, that chaps my butt pretty badly... I mean, christ, the vast majority of the situations I WANT ftp for involve wanting to give ftp out INSTEAD OF shell access, to allow people to park files on the box without risking them messing about and getting into trouble / trying to run local privilege escalation exploits / etc. If somebody's got a shell, what do they need FTP for? =) --[[User:Jimbo\|Jimbo]] 23:19, 8 June 2006 (EDT)

← Older revision		Revision as of 03:19, 9 June 2006
Line 5:		Line 5:

	On the other hand, some FTP daemons and database authentication schemes require a standard shell, at least by default, even if it is an invalid one and even if the service provides its own shell. What's your view? Should <code>/usr/sbin/nologin</code> be in the shells database? [[User:Ninereasons\|Ninereasons]] 12:30, 8 June 2006 (EDT)		On the other hand, some FTP daemons and database authentication schemes require a standard shell, at least by default, even if it is an invalid one and even if the service provides its own shell. What's your view? Should <code>/usr/sbin/nologin</code> be in the shells database? [[User:Ninereasons\|Ninereasons]] 12:30, 8 June 2006 (EDT)
		+
		+	== only if you need it to be ==
		+
		+	If you're running an ftpd that refuses to allow logins unless the account has a valid shell, then <s>put the shell into /etc/shells</s> get a non-retarded ftpd. Seriously, that chaps my butt pretty badly... I mean, christ, the vast majority of the situations I WANT ftp for involve wanting to give ftp out as an ALTERNATIVE to shell access. If somebody's got a shell, what do they need FTP for? =) --[[User:Jimbo\|Jimbo]] 23:19, 8 June 2006 (EDT)