From owner-freebsd-questions Wed Apr 2 14:33:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA29830 for questions-outgoing; Wed, 2 Apr 1997 14:33:16 -0800 (PST) Received: from hudsucker.gamespot.com (hudsucker.gamespot.com [206.169.18.74]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA29825 for ; Wed, 2 Apr 1997 14:33:14 -0800 (PST) Received: (from jsd@localhost) by hudsucker.gamespot.com (8.8.5/8.8.5) id OAA01955; Wed, 2 Apr 1997 14:33:03 -0800 (PST) Date: Wed, 2 Apr 1997 14:33:03 -0800 (PST) Message-Id: <199704022233.OAA01955@hudsucker.gamespot.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: Random Junk To: "Lee Crites (AEI)" , freebsd-questions@freebsd.org Subject: Re: Users with no shells In-Reply-To: References: <199704022105.OAA24533@xmission.xmission.com> X-Mailer: VM 6.22 under 19.14 XEmacs Lucid Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Lee Crites (AEI) writes: > I just tried to ftp to the user I was testing the scripts with, and as > soon as I entered the user name, I got back: > 530 User xxxxxx access denied. > Login failed. > Remote system type is UNIX. this works because the ftp daemon checks the file /etc/shells for a list of valid shells. if your script doesn't appear in /etc/shells, the user won't be able to ftp in with that account name. > Would a compiled program be more secure than scripts? I'm sort of > leaning in that direction because you can't 'read' an executable like > you can a script. true. you can probably make your nologin script not-world-readable though. ---jsd "Sanity is a one trick pony...you only get one trick: rational thinking... but when you're good and crazy,the sky's the limit!!" - The Tick.