Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Feb 2001 00:30:30 -0500
From:      Carroll Kong <damascus@home.com>
To:        Roelof Osinga <roelof@eboa.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ftp access
Message-ID:  <4.2.2.20010228002521.00c58340@netmail.home.com>
In-Reply-To: <3A9C82D4.F1705B4@eboa.com>
References:  <Pine.BSF.4.33.0102271738250.82118-100000@mail.wlcg.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

At 05:47 AM 2/28/01 +0100, Roelof Osinga wrote:
>Rob Simmons wrote:
> >
> > /sbin/nologin as the user's shell.  You also have to add this shell to
> > /etc/shells
>
>Alas, no.
>
>Not on 4.2 anyway. Just today - ok, technically yesterday, but who's
>counting? - I realized that the client was right after all. He could
>not log in indeed. Due to /sbin/nologin.
>
>When using regular ftpd. Using ProFTPd no problem.
>
>Ah, as a matter of fact, I was using inetd. Haven't tried
>daemon mode with 4.2 yet. Who knows? There might be hope, still.
>
>Roelof

That is odd.  The reason why ftpd does not work is because........ man ftpd 
shows

            4.   The user must have a standard shell returned by
                 getusershell(3).

So, man getusershell shows

      The getusershell() function returns a pointer to a legal user shell as
      defined by the system manager in the file /etc/shells.  If /etc/shells is
      unreadable or does not exist, getusershell() behaves as if /bin/sh and
      /bin/csh were listed in the file.

         This is very odd, unless I am forgetting something I did, I JUST 
did this with a client two days ago on 4.2-STABLE.  Telnet results in "not 
authorized" or something like that, and ftpd lets them in happily.  Same 
user name and all.  Please look it over, I am outright positive it 
works!  (ok, maybe 99.99999% sure).  What is the error message?  User 
denied?  Check man ftpd for that list of "reasons why ftpd would tell your 
user to go away".

-Carroll Kong


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010228002521.00c58340>