Re: Small Design Bug in Postfix - REMOTE

[Valdis.Kletnieks () vt edu]

On Fri, 14 Dec 2007 13:52:33 CST, Adam N said:

> No, the idea is that you are a user with no login access, only FTP.
> By doing this, you get shell access (with sane privileges, thankfully) when
> you're supposed to only have FTP.

And this is why, for at least 2 decades, it's been recommended that people
doing the "FTP-only user" put the writeable directories for that user under
~ftp/$USER or some such, rather than ~$USER, and make the login shell for the
user /bin/false, and other such things.

For bonus points - if it's an FTP-only userid, why does the sysadmin not
have e-mail for the userid *blocked*? After all, if they can't login, they
can't *read* any mail that gets delivered to the system. Even if you fix
the MTA to drop mail directly in $HOME/mbox, it's the rare FTP daemon that
understands the locking needed to make this work - that's the primary
reason why the POP protocol was invented.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/