From: H.Wade Minter
To: questions@freebsd.org
Date: Sat, 23 Aug 2003 11:01:58 -0400
Subject: vsftpd port not honoring /etc/shells

I installed the vsftpd port on my RELENG_4_8 system as a replacement for the standard ftpd. However, it doesn't appear to be honoring /etc/shells - a user listed in the passwd file with a shell (/sbin/nologin) that does not appear in /etc/shells is still allowed to FTP into the system.

I'm guessing this may be a problem with PAM, as I have "check_shell=YES" in /usr/local/etc/vsftpd.conf, and the manpage for vsftpd.conf says that this setting is only valid for non-PAM builds. But I'm stumped as to how to lock down users via /etc/shells in the default port build.

Any suggestions would be appreciated.

--Wade
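Added example, not part of the original message and not code from vsftpd or the FreeBSD port: a read-only audit that lists the accounts whose login shell is missing from the shells file, which is the set of users an /etc/shells check would be expected to refuse over FTP. The function names, the sample accounts and the rule that an empty shell field means /bin/sh are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: which accounts would an /etc/shells check refuse?

# unlisted_shell_users PASSWD_FILE SHELLS_FILE
# Prints "user<TAB>shell" for each account whose shell is not listed.
unlisted_shell_users() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the allowed shells, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t]/, "", line)
                if (line != "") allowed[line] = 1
            }
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        {
            # Assumption: an empty shell field means /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in allowed)) printf "%s\t%s\n", $1, shell
        }
    ' "$1"
}

# Constructed sample data (not real accounts), in 7-field passwd(5) format.
write_sample() {
    cat > "$1/passwd" <<'EOF'
# constructed passwd sample
root:*:0:0:Charlie &:/root:/bin/csh
ftpuser:*:1001:1001:FTP only:/home/ftpuser:/sbin/nologin
alice:*:1002:1002:Alice:/home/alice:/bin/tcsh
noshell:*:1003:1003:Empty shell field:/home/noshell:
EOF
    cat > "$1/shells" <<'EOF'
# List of acceptable shells
/bin/sh
/bin/csh
/bin/tcsh
EOF
}

# Demo run against the constructed files.
tmp=$(mktemp -d) && write_sample "$tmp"
unlisted_shell_users "$tmp/passwd" "$tmp/shells"
rm -rf "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shells; every account it prints should be tested against the FTP server to confirm that login is actually refused.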