On Mon, Dec 18, 2006 at 11:19:00PM -0600, W Paul Mills wrote:
> > /etc/shells? Most notably, are there any security considerations?
> >
> > I wish to create a user that can log in to my FTP server, but without
> > shell access. I can prevent the shell access by specifyi
> On Mon, Dec 18, 2006 at 03:49:26PM +0100, L.W. van Braam van Vloten wrote:
> > Is there any objection against adding /bin/false to the file
> > /etc/shells? Most notably, are there any security considerations?
> >
> > I wish to create a user that can log in to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
L.W. van Braam van Vloten wrote:
> Hello group,
>
> Is there any objection against adding /bin/false to the file
> /etc/shells? Most notably, are there any security considerations?
>
> I wish to create a user that can log in to
"L.W. van Braam van Vloten" <[EMAIL PROTECTED]> writes:
> Hello group,
>
> Is there any objection against adding /bin/false to the file
> /etc/shells? Most notably, are there any security considerations?
It's common to use /bin/false for users who can't log
On Mon, Dec 18, 2006 at 03:49:26PM +0100, L.W. van Braam van Vloten wrote:
> Hello group,
>
> Is there any objection against adding /bin/false to the file
> /etc/shells? Most notably, are there any security considerations?
>
> I wish to create a user that can log in to
Hello group,
Is there any objection against adding /bin/false to the file
/etc/shells? Most notably, are there any security considerations?
I wish to create a user that can log in to my FTP server, but without
shell access. I can prevent the shell access by specifying /bin/false
as the
Ruben van Engelenburg <[EMAIL PROTECTED]> wrote:
> I was installing vsFtpd om my Debian server today and found out that
> users can't login if their shell is set to /bin/false. [...]
> Is there a way to change this behaviour [...]
Add your "shell" to the list in /et
i'm using a pretty much standard debian stable machine...
i need to allow users FTP only access - i can create them with
#adduser --shell /bin/false
in the /etc/proftpd.conf file i can set
RequireValidShell off
so that the proftpd server allows the users access even though they
> From: Martin Fluch [mailto:[EMAIL PROTECTED] Behalf Of Martin
> Fluch
> Sent: Monday, August 20, 2001 5:19 PM
>
> > I would rather give people as little information about the system as
> > possible. There is also a risk (however slight) that
> /bin/false could
> I would rather give people as little information about the system as
> possible. There is also a risk (however slight) that /bin/false could
> be replaced with a bash program. I don't believe that this could be
> done with /dev/null (or could it ?)
It's not a problem
> etc running) as follows:
> > username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null
> >
> > I noticed that the shell can also be put as /bin/false as in ftp
> >
> > I prefer /dev/null as the user is instantaneously
> disconnected without any
> > messages.
* Ian Perry ([EMAIL PROTECTED]) [010816 20:11]:
> Hi,
>
> Quick question.
> I have been using /dev/null to prevent shell logins (yet still leave pop3
> etc running) as follows:
> username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null
>
> I noticed that the shell can also
On 17 Aug 2001 12:55:35 +1000, Ian Perry wrote:
> Hi,
>
> Quick question.
> I have been using /dev/null to prevent shell logins (yet still leave pop3
> etc running) as follows:
> username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null
>
> I noticed that the shell can also
Hi,
Quick question.
I have been using /dev/null to prevent shell logins (yet still leave pop3
etc running) as follows:
username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null
I noticed that the shell can also be put as /bin/false as in ftp
I prefer /dev/null as the user is instantaneously
I heard that Miquel van Smoorenburg wrote this on 30/10/00:
> Ah, way too big ...
>
(snip...)
>
> Compile with cc -s -o false -nostdlib false.c
>
[EMAIL PROTECTED]:~$ cc -s -o false -nostdlib false.c
false.c: In function `exit':
false.c:6: warning: function declared `noreturn' has a `return' st
In article <[EMAIL PROTECTED]>,
sena <[EMAIL PROTECTED]> wrote:
>I heard that Jonathan Markevich wrote this on 29/10/00:
>
>> However, writing one in C proved to be simple, and an afternoon's worth
>> of fun.
>>
>--(snip - false.c)--
> int main() { return 1; }
>--(snip - false.c)--
>10 seco
On Mon, 30 Oct 2000, sena wrote:
> I heard that Jonathan Markevich wrote this on 29/10/00:
>
> > 32 bytes, huh? 24 for your source above (with spaces). Might as well
> > compile it yourself.
> >
> Or, as in C the return type of a function defaults to int, we could write:
> main(){return 1;
sel" -- I
> believe it's all on www.catseye.mb.ca...) Actually, this may be more of an
> appropriate job for the language FALSE. Should we set up a sourceforge
> project for this?
>
Python, Scheme, Pascal, BASIC (ugh..), whatever.. Why not make a kind of
"hello world&qu
for the language FALSE. Should we set up a sourceforge
project for this?
> > Oh writing it sure didn't take all afternoon, but the fun did. My current
> > /bin/false is a compiled ELF file, and I don't really know if it's mine or
> > Potato's (it's been
it... :)
> Oh writing it sure didn't take all afternoon, but the fun did. My current
> /bin/false is a compiled ELF file, and I don't really know if it's mine or
> Potato's (it's been a long time).
>
Potato's /bin/false has "a378dbf982c7694b173cd87ecc
On Sat, Oct 28, 2000 at 03:20:15PM -0700, kmself@ix.netcom.com wrote:
> > also, i noticed that some accounts which are disabled are given a shell of
> > /bin/false:
> >
> > ftp:x:100:65534::/home/ftp:/bin/false
> >
> > tiger seemed to hate this too. i
on Sat, Oct 28, 2000 at 10:06:56AM -0700, Peter Jay Salzman ([EMAIL PROTECTED])
wrote:
> also, i noticed that some accounts which are disabled are given a shell of
> /bin/false:
>
> ftp:x:100:65534::/home/ftp:/bin/false
>
> tiger seemed to hate this too. i tried playin
Flavio Alberto ([EMAIL PROTECTED]) said:
> I'm find /bin/false for intall in my Debian box?
apt-get install shellutils
.adam
--
[<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>]
[ icq #3354423 | lazur.org | clustermonkey.org ]
on Sat, Oct 28, 2000 at 07:27:56PM -0200, Flavio Alberto ([EMAIL PROTECTED])
wrote:
> I'm find /bin/false for intall in my Debian box?
If you're looking for the package in which it's included:
$ dpkg -S /bin/false
shellutils: /bin/false
The file itself simply returns
I'm find /bin/false for intall in my Debian box?
On Mon, 7 Jul 1997, Alex Romosan wrote:
> >> I don't know about other Unices but at least IRIX has it's /bin/true and
> >> /bin/false set to shell scripts as well. It seems that Debian's no worse
> >> off than SGIs and other Linux distributions at
>> I don't know about other Unices but at least IRIX has it's /bin/true and
>> /bin/false set to shell scripts as well. It seems that Debian's no worse
>> off than SGIs and other Linux distributions at least.
>
>If there exists at least ONE really insecure Un
>>>>> "EAP" == Eloy A Paris <[EMAIL PROTECTED]> writes:
EAP> I do not know much about security but Debian's /bin/false is also
EAP> a shell script. Are we at risk? Shouldn't /bin/false be changed
EAP> to a compiled version?
That's no risk
Jesse Goldman wrote,
:true or false. Maybe it's an executable on an Alpha?
Yep, it is on a DIGITAL Unix. In fact it is a binary file
that returns false (1).
Just me,
Wire ...
--
Tan Wee Yeh [EMAIL PROTECTED] [EMAIL PROTECTED]
For PGP public key : fing
Yeah, I checked a Solaris machine and I also checked an old DEC with the
same results. In fact, on the DEC, there aren't even shell scripts, just a
text file with an "exit 0" or an "exit 1" depending on whether you want
true or false. Maybe it's an executable on an Alpha?
J. Goldman
--
TO UNS
On Sun, Jul 06, 1997 at 02:56:41AM -0500, Jesse Goldman wrote:
> I don't know about other Unices but at least IRIX has it's /bin/true and
> /bin/false set to shell scripts as well. It seems that Debian's no worse
> off than SGIs and other Linux distributions at least
Hi,
I don't know about other Unices but at least IRIX has it's /bin/true and
/bin/false set to shell scripts as well. It seems that Debian's no worse
off than SGIs and other Linux distributions at least.
J. Goldman
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word &
llow pages"). The server uses them to get the information about
uid number and groups to which users belong. These accounts can be
pretty minimal in the sense that Samba will be quite happy with an
entry which has '*' in a password field and /bin/false for a
shell (`real' Unix lo
33 matches
Mail list logo
