Date: Thu, 16 Nov 2000 22:36:00 -0800 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Rossen Raykov <rraykov@sageian.com> Cc: kris@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Shell acces with not specified shell in /etc/shells (Re: problem using sysinstall) Message-ID: <20001116223600.B9740@149.211.6.64.reflexcom.com> In-Reply-To: <010701c04f51$8d2659e0$4c00000a@sage>; from rraykov@sageian.com on Wed, Nov 15, 2000 at 05:15:24PM -0500 References: <bulk.92485.20001115010132@hub.freebsd.org> <003f01c04f3e$3c77e170$4c00000a@sage> <20001115125148.A21232@citusc17.usc.edu> <20001115131226.A21677@citusc17.usc.edu> <00d301c04f4d$e9802760$4c00000a@sage> <20001115135331.A22524@citusc17.usc.edu> <010701c04f51$8d2659e0$4c00000a@sage>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 15, 2000 at 05:15:24PM -0500, Rossen Raykov wrote: > Initially the /etc/shells file contains an empty line (between the comments > and the first shell). > I tough that this is the reason why login is granted on a person without > shell in /etc/passwd. > But I ware wrong! > I removed this line from /etc/shells and even after that I was able to gain > root command prompt after a valid password. > The shell is /bin/sh > > Don't this violate the idea of /etc/shells? No. A blank entry in /etc/passwd (/etc/master.passwd actually) is assumed to mean /bin/sh. From passwd(5), The shell field is the command interpreter the user prefers. If there is nothing in the shell field, the Bourne shell (/bin/sh) is assumed. This is more of a -questions thread. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001116223600.B9740>