Date: Thu, 29 Apr 2010 11:20:55 -0400 From: Lowell Gilbert <freebsd-bugs-local@be-well.ilk.org> To: Paul Hoffman <phoffman@proper.com> Cc: freebsd-bugs@freebsd.org Subject: Re: conf/145887: /usr/sbin/nologin should be in the default /etc/shells Message-ID: <44och29tew.fsf@be-well.ilk.org> In-Reply-To: <p0624088cc7f53a5a8d7e@[10.20.30.158]> (Paul Hoffman's message of "Wed\, 21 Apr 2010 16\:34\:10 -0700") References: <201004201507.o3KF7Ydf006145@www.freebsd.org> <44vdbk6a48.fsf@be-well.ilk.org> <p0624086dc7f4d96fd620@[10.20.30.158]> <44mxww5ta3.fsf@be-well.ilk.org> <p0624088cc7f53a5a8d7e@[10.20.30.158]>
next in thread | previous in thread | raw e-mail | index | archive | help
I haven't been doing a very good job explaining myself. Maybe someone else will (eventually) do a better job. Or whap me in the head for being wrong... Paul Hoffman <phoffman@proper.com> writes: > The problem is that many servers in the ports collection (such as mail access programs like qpoper) will only let clients connect if the client has a shell that is listed in /etc/shells. From a security standpoint, it would be obviously better to give these users the ability to act as clients but not to be able to log in using the shells that are listed by default (sh, csh, or tcsh). > > It sounds like you are suggesting that these users should be given a *different* shell, and that shell be added to /etc/shells. Why would that be any better than adding /usr/sbin/nologin to /etc/shells? Exactly right. The reason it's better is that you wouldn't be opening up existing nologin users to be able to receive mail, FTP in, and so on. It's okay if you want to do that on your box, but doing it by default would be an unreasonable breach of the so-called "Principle of Least Astonishment," and one involving potential security problems at that.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44och29tew.fsf>