Vulnerability Development mailing list archives

Re: wu-ftpd and /etc/passwd

From: thomasv () APPLE COM (Thomas Vincent)
Date: Mon, 17 Jul 2000 08:18:32 -0700


WU-FTPD under Solaris will still allow you to login even if you have noshell
or nologin as the shell. The best noshell.c I have seen comes with the Dan
Farmer and companies Titan distribution at http://www.fish.com .

--
Cheers,
Thomas Vincent

-------------------------------------------
Thomas Vincent    | Apple Computer - IS&T |
thomasv () apple com | http://www.apple.com  |

If you put /bin/noshell into your /etc/shells, users should be able to
connect via ftp. The most common option is to use /bin/false or /bin/true
(depends on your view of life :) as a shell for users that should not be
able to log in. Make sure /bin/false and /bin/true are binaries; older
versions (at least under linux) were shell scripts and might open a race
condition.

Current thread:

wu-ftpd and /etc/passwd Chico (Jul 13)
- Re: wu-ftpd and /etc/passwd Tarhon-Onu Victor (Jul 13)
- Re: wu-ftpd and /etc/passwd Fabio Roccatagliata (Jul 13)
- Re: wu-ftpd and /etc/passwd Bastian Friedrich (Jul 13)
  - Re: wu-ftpd and /etc/passwd Thomas Vincent (Jul 17)
- Re: wu-ftpd and /etc/passwd Jon Paul, Nollmann (Jul 13)