Date: Thu, 16 Jul 1998 16:24:53 +1000
From: "John Saunders" <john.saunders@scitec.com.au>
To: "FreeBSD stable" <freebsd-stable@FreeBSD.ORG>
Subject: Re: Finger and getpwent
Message-ID: <08c601bdb082$71b81b50$6cb611cb@saruman.scitec.com.au>

>I've always been under the impression that shell and FTP checking
>/etc/shells and mail services *not* doing so was a deliberate
>design decision, not an oversight.

Until something better is implemented there are good reasons
for both sides. I have modified pppd, ftpd and qpopper to check
for a valid shell. However, if a valid shell is not found I made
pppd check for "PPP", ftpd check for "FTP", and qpopper check
for "POP" in the shell field using strstr(). So I can configure
an account with a shell of "POP,FTP" to enable both those services
but not shell logins.

While this suits my system, it's not entirely flexible; I can't
provide shell access but not FTP access, for example. What is
needed is an additional system where the user has a list of service
type attributes associated with them. Then each service would
check the attributes to see if the user is allowed to access the
service, e.g. a config file like...

    fred:shell ppp telnet
    joe:ppp pop
    mary:telnet pop ftp
    *:shell ppp

Then a library call like checkaccess(char *user, char *service).

I believe the early shadow password suite used on Linux started
to have something similar but it didn't look completed when I
last looked at it. I think PAM has superseded shadow now anyway.

Cheers.
-- . +-------------------------------------------------------+
,--_|\ | John Saunders mailto:John.Saunders@scitec.com.au |
/ Oz \ | SCITEC LIMITED Phone +61294289563 Fax +61294289933 |
\_,--\_/ | "By the time you make ends meet, they move the ends." |
v +-------------------------------------------------------+
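
A sketch of the per-user service check proposed in the message above, added here as an example; it is not code from the message or from FreeBSD. Assumptions: the config is a constructed in-memory sample, a user's own line takes precedence over "*", "*" applies only to users with no line, anything unmatched is denied, and service names must match as whole tokens (unlike a strstr() test). The helper names checkaccess_buf and has_service are hypothetical.

```c
#include <string.h>

/* Constructed sample in the format from the message; a real library would
 * read a root-owned file whose location is left open here (assumption). */
static const char SAMPLE_CONF[] =
    "fred:shell ppp telnet\n"
    "joe:ppp pop\n"
    "mary:telnet pop ftp\n"
    "*:shell ppp\n";

/* Return 1 if `service` is a whole whitespace-separated token in svcs[0..len).
 * A whole-token compare keeps "po" from matching "pop". */
static int has_service(const char *svcs, size_t len, const char *service)
{
    size_t want = strlen(service), i = 0;
    while (i < len) {
        while (i < len && (svcs[i] == ' ' || svcs[i] == '\t')) i++;
        size_t start = i;
        while (i < len && svcs[i] != ' ' && svcs[i] != '\t') i++;
        if (want > 0 && i - start == want &&
            memcmp(svcs + start, service, want) == 0)
            return 1;
    }
    return 0;
}

/* 1 = allowed, 0 = denied. Assumed policy: the user's own line decides;
 * "*" is consulted only when the user has no line; no match means deny. */
int checkaccess_buf(const char *conf, const char *user, const char *service)
{
    int fallback = 0;
    size_t ulen = strlen(user);
    if (ulen == 0) return 0;                 /* never match an empty name */
    for (const char *line = conf; *line; ) {
        size_t llen = strcspn(line, "\n");
        const char *colon = memchr(line, ':', llen);
        if (colon != NULL) {
            size_t nlen = (size_t)(colon - line), slen = llen - nlen - 1;
            if (nlen == ulen && memcmp(line, user, ulen) == 0)
                return has_service(colon + 1, slen, service);
            if (nlen == 1 && line[0] == '*')
                fallback = has_service(colon + 1, slen, service);
        }
        line += llen + (line[llen] == '\n'); /* step past the newline */
    }
    return fallback;
}

/* Signature from the message, bound to the constructed sample above. */
int checkaccess(const char *user, const char *service)
{
    return checkaccess_buf(SAMPLE_CONF, user, service);
}
```

With this policy joe is refused a shell even though the "*" line lists it, because his own line is authoritative.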
