Security Basics mailing list archives

RE: SSH mail server experiments


From: Tony Kava <securityfocus () pottcounty com>
Date: Thu, 7 Aug 2003 16:53:51 -0500

By default I believe most FTP daemons will not allow a user to log in without
a valid shell.  A valid shell is a shell that is listed in the file
/etc/shells.  If you add their shell to /etc/shells it may work; however, I
hope that this is a convenience move rather than a security move, because if
they can access any application by SSH (pine, whatever) there will almost
certainly be a way they can exploit it to gain shell access to the system.
Simply changing a user's shell is not a sufficient security measure.

--
Tony Kava
Network Administrator
Pottawattamie County, Iowa



-----Original Message-----
From: chris Verhagen [mailto:chrisaster24747 () hotmail com]
Sent: Thursday, 07 August, 2003 12:20
To: security-basics () securityfocus com
Subject: SSH mail server experiments


A week ago I started a webhosting service for subdomains at
http://crystal-ninja.cjb.net . Now, of course, people need to ftp into their
public_html directory in their home dirs. I'm using ProFTPD for that.
But now for the problem: I just got the idea to make a funny mail service.
People should be able to just SSH into my server and instead of a shell,
/bin/mail is loaded and they can do their thing.
I've encountered problems with that... when experimenting I noticed it
worked fine to just change /bin/bash in the passwd file to /bin/mail, but
when I do this, people can't log into the FTP server anymore...
Is there an easy solution for this problem? Remember, I only want them to be
able to use /bin/mail! No shell!
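
Added example (not part of either message in this thread): a small model of the valid-shell check described in the reply, showing which accounts pass it before and after /bin/mail is appended to /etc/shells. The passwd and shells contents are constructed samples, and the `real_shells` baseline is an assumption of this example.

```python
# Model of the "valid shell" check against /etc/shells.
# File contents below are constructed samples, not taken from the thread.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash

"""

SAMPLE_PASSWD = """\
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/mail
carol:x:1003:1003::/home/carol:
"""

def parse_shells(text):
    """Return the set of paths listed in an /etc/shells-style file."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if line.startswith("/"):
            shells.add(line)
    return shells

def login_shells(passwd_text):
    """Map user -> login program from passwd(5)-format text."""
    users = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7:
            continue                            # skip malformed lines
        users[fields[0]] = fields[6] or "/bin/sh"   # empty field means /bin/sh
    return users

def audit(passwd_text, shells_text, real_shells=("/bin/sh", "/bin/bash")):
    """Classify each account as the valid-shell check would see it.

    real_shells is a reviewer-supplied baseline (an assumption of this
    example) used to spot applications that were added to /etc/shells.
    """
    listed = parse_shells(shells_text)
    report = {}
    for user, shell in login_shells(passwd_text).items():
        if shell not in listed:
            report[user] = "denied: shell not in /etc/shells"
        elif shell not in real_shells:
            report[user] = "allowed: application listed as a shell, review"
        else:
            report[user] = "allowed"
    return report

if __name__ == "__main__":
    for shells in (SAMPLE_SHELLS, SAMPLE_SHELLS + "/bin/mail\n"):
        print(audit(SAMPLE_PASSWD, shells))
```

Passing the check only means the path is listed; it says nothing about whether the listed program confines the user, which is the reply's point.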
