Re: User Shell?


Subject: Re: User Shell?
From: Lancaster, David Matthew (c4ng2@unb.ca)
Date: Wed May 17 2000 - 22:43:46 EDT


IIRC, wu-ftpd (the default ftp server in at least RedHat) checks to see if
a user's shell (read from /etc/passwd) is a valid shell (i.e. in
/etc/shells). So you can prevent telnet and allow ftp by changing to a
"limited" program such as passwd or false and adding the appropriate
entry to /etc/shells. You can prevent both by not adding the entry.

I'm not sure of afpd's requirements, but you could always run a quick test
as suggested earlier. If it *does* require a valid entry in /etc/shells,
put it in, then add an entry to /etc/ftpaccess to prevent the students'
group from being able to log in to the ftp server. AFAIK, this should
prevent them from using anything, as they'd need a shell or ftp access to
do "anything".

D.

> Students don't need ftp or telnet access. However, I
> thought I remembered that netatalk required a "real"
> shell. I thought if one used /dev/false then the
> students would no longer be able to access their files
> via netatalk. Netatalk access is very important. Has
> this changed? I thought I just read about someone who
> stumbled into this gotcha.
>
> Bill
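
An added example, not part of the original message: a small audit that applies the /etc/shells rule described above to each passwd entry and reports which accounts would get ftp only, a shell plus ftp, or neither. The verdict labels, the list of "limited" programs and the sample files are assumptions made for illustration; it does not consult /etc/ftpaccess and says nothing about afpd.

```shell
#!/bin/sh
# Added example (not from the original post). Verdict labels and the list of
# "limited" programs are assumptions made for this illustration.

# audit_shells PASSWD_FILE SHELLS_FILE
# Prints "user shell verdict" for every passwd entry.
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the shells list, skipping comments and blank lines.
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*#/ && line !~ /^[ \t]*$/) valid[line] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            n = split(shell, parts, "/")
            base = parts[n]
            limited = (base == "false" || base == "passwd" || base == "nologin")
            if (shell in valid)
                verdict = limited ? "ftp-only" : "shell+ftp"
            else   # not listed: ftp refused under the rule described above
                verdict = limited ? "no-access" : "unlisted-shell"
            print $1, shell, verdict
        }
    ' "$1"
}

# write_sample DIR: constructed sample data, not taken from any real host.
write_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1001:100::/home/alice:/bin/bash
bob:x:1002:200::/home/bob:/bin/false
carol:x:1003:200::/home/carol:/usr/bin/passwd
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/bash
/usr/bin/passwd
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_shells "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```

An "unlisted-shell" verdict marks a real shell that is missing from the shells file: the account can still log in interactively, so it is worth reviewing separately from the limited ones.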



This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:30:45 EST