Security Basics mailing list archives
Re: SSH mail server experiments
From: "Joel A. Chornik" <seguridad () elserver com>
Date: Fri, 8 Aug 2003 08:07:49 -0300
Well, proftpd does not actually require the user to have a shell.

http://proftpd.linux.co.uk/localsite/Userguide/linked/config_ref_RequireValidShell.html

Just set RequireValidShell to off and that's it.

Joel A. Chornik
ELSERVER.COM
Buenos Aires, Argentina.

----- Original Message -----
From: "Tony Kava" <securityfocus () pottcounty com>
To: "'chris Verhagen'" <chrisaster24747 () hotmail com>; <security-basics () securityfocus com>
Sent: Thursday, August 07, 2003 6:53 PM
Subject: RE: SSH mail server experiments
By default I believe most FTP daemons will not allow a user to log in without a valid shell. A valid shell is a shell that is listed in the file /etc/shells. If you add their shell to /etc/shells it may work, however I hope that this is a convenience move rather than a security move because if they can access any application by SSH (pine, whatever) there will almost certainly be a way they can exploit it to gain shell access to the system. Simply changing a user's shell is not a sufficient security measure.

--
Tony Kava
Network Administrator
Pottawattamie County, Iowa

-----Original Message-----
From: chris Verhagen [mailto:chrisaster24747 () hotmail com]
Sent: Thursday, 07 August, 2003 12:20
To: security-basics () securityfocus com
Subject: SSH mail server experiments

A week ago I started a webhosting service for subdomains at http://crystal-ninja.cjb.net . Now, of course, people need to ftp into their public_html directory in their home dirs. I'm using proFTPd for that.

But now for the problem: I just got the idea to make a funny mail service. People should be able to just SSH into my server and instead of a shell, /bin/mail is loaded and they can do their thing. I've encountered problems with that... when experimenting I noticed it worked fine to just change /bin/bash in the passwd file to /bin/mail, but when I do this, people can't log into the FTP server anymore...

Is there an easy solution for this problem? Remember, I only want them to be able to use /bin/mail! No shell!
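The valid-shell check discussed in this thread, as an added example that is not part of the original posts: a Python script that reports which accounts an FTP daemon enforcing the /etc/shells check would refuse. The function names are hypothetical, and the account names and file contents are constructed sample data.

```python
"""Audit which accounts pass the /etc/shells "valid shell" check."""


def parse_shells(shells_text):
    """Return the set of shells listed in /etc/shells-style text."""
    shells = set()
    for line in shells_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            shells.add(line)
    return shells


def audit_accounts(passwd_text, shells_text):
    """Map each user to (login_shell, passes_valid_shell_check)."""
    valid = parse_shells(shells_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        # passwd(5): an empty shell field means /bin/sh
        user, shell = fields[0], fields[6] or "/bin/sh"
        result[user] = (shell, shell in valid)
    return result


def rejected_users(passwd_text, shells_text):
    """Users a daemon enforcing the valid-shell check would refuse."""
    accounts = audit_accounts(passwd_text, shells_text)
    return sorted(user for user, (_, ok) in accounts.items() if not ok)


# Constructed sample data (not taken from any real system).
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash
"""
SAMPLE_PASSWD = """\
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/mail
carol:x:1003:1003:Carol:/home/carol:
"""

if __name__ == "__main__":
    for user, (shell, ok) in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        print(f"{user:8} {shell:12} {'valid' if ok else 'NOT in /etc/shells'}")
```

Run against the real /etc/passwd and /etc/shells, the output lists the accounts that only work over FTP if the shell is added to /etc/shells or, for proftpd, RequireValidShell is set to off.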
Current thread:
- SSH mail server experiments chris Verhagen (Aug 07)
- RE: SSH mail server experiments Skibi de LaPies (Aug 07)
- Re: SSH mail server experiments Brad Mills (Aug 08)
- RE: SSH mail server experiments stephen at unix dot za dot net (Aug 08)
- Re: SSH mail server experiments Jan De Luyck (Aug 08)
- <Possible follow-ups>
- RE: SSH mail server experiments Tony Kava (Aug 07)
- Re: SSH mail server experiments Adam Newhard (Aug 08)
- Re: SSH mail server experiments Joel A. Chornik (Aug 08)
- RE: SSH mail server experiments Meidinger Chris (Aug 18)
- Re: SSH mail server experiments Christian Müller (Aug 19)
- RE: SSH mail server experiments Skibi de LaPies (Aug 07)