Security Basics mailing list archives
RE: SSH mail server experiments
From: Tony Kava <securityfocus () pottcounty com>
Date: Thu, 7 Aug 2003 16:53:51 -0500
By default I believe most FTP daemons will not allow a user to log in without a valid shell. A valid shell is a shell that is listed in the file /etc/shells. If you add their shell to /etc/shells it may work; however, I hope that this is a convenience move rather than a security move, because if they can access any application by SSH (pine, whatever) there will almost certainly be a way they can exploit it to gain shell access to the system. Simply changing a user's shell is not a sufficient security measure.

--
Tony Kava
Network Administrator
Pottawattamie County, Iowa

-----Original Message-----
From: chris Verhagen [mailto:chrisaster24747 () hotmail com]
Sent: Thursday, 07 August, 2003 12:20
To: security-basics () securityfocus com
Subject: SSH mail server experiments

A week ago I started a webhosting service for subdomains at http://crystal-ninja.cjb.net. Now, of course, people need to ftp into their public_html directory in their home dirs. I'm using proFTPd for that.

But now for the problem: I just got the idea to make a funny mail service. People should be able to just SSH into my server and instead of a shell, /bin/mail is loaded and they can do their thing. I've encountered problems with that... When experimenting I noticed it worked fine to just change /bin/bash in the passwd file to /bin/mail, but when I do this, people can't log into the FTP server anymore...

Is there an easy solution for this problem? Remember, I only want them to be able to use /bin/mail! No shell!
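The /etc/shells check discussed in this exchange can be audited per account. The following is an added example, not part of either message: it classifies each passwd entry by whether its login shell is listed in /etc/shells and whether that shell is an application rather than a command interpreter. The sample accounts, the `INTERPRETERS` set and the finding labels are assumptions made for illustration.

```python
# Constructed sample data; on a real host read /etc/passwd and /etc/shells.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/mail
carol:x:1003:1003::/home/carol:/usr/bin/pine
dave:x:1004:1004::/home/dave:
"""
SAMPLE_SHELLS = """\
# constructed /etc/shells
/bin/sh
/bin/bash
/usr/bin/pine
"""

# Assumption: the command interpreters this site considers real shells.
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh", "/bin/tcsh", "/bin/zsh"}


def parse_shells(text):
    """Return the set of paths listed in /etc/shells, ignoring comments."""
    lines = (line.strip() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def audit(passwd_text, shells_text):
    """Map each account name to (login shell, finding)."""
    valid = parse_shells(shells_text)
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed entries
        user, shell = fields[0], fields[6] or "/bin/sh"  # empty field means /bin/sh
        if shell not in valid:
            finding = "not-listed"  # FTP daemons that check /etc/shells refuse this login
        elif shell not in INTERPRETERS:
            finding = "listed-application"  # FTP works; the SSH session is an application, not a boundary
        else:
            finding = "shell"
        findings[user] = (shell, finding)
    return findings


if __name__ == "__main__":
    for user, (shell, finding) in sorted(audit(SAMPLE_PASSWD, SAMPLE_SHELLS).items()):
        print(f"{user:8} {shell:16} {finding}")
```

Accounts reported as `listed-application` are the case the reply warns about: adding the program to /etc/shells restores FTP login, but the account should still be treated as having shell-level access.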