I set up a mail filter and would like to call it via the .forward file.
For some users I get an error message like this:
...user cannot communicate with programs since it does not have a valid shell...
I would like to give them one. Are there any security risks of doing so?
And how to do it?
I figured it out:
it is chpass -s /path/to/shell
or something like that.
I tried it and it works: the shell I specified was /usr/bin/passwd.
However, a man who is supposed to be our system administrator
told me not to do that since these users can receive mails from the
outside world, and it is a security risk if they have a valid shell, too.
I wonder why as he himself prepared 10 users who receive mail
from the outside and had a valid shell, too. I planned to prepare the
remaining 4, who have the majority of mails. If I could filter the mails
of those four, too, the e-mail virus threat would be reduced to (almost) zero.
What is your opinion about the risk of valid shell for users receiving
mail from the outside? Is it actually a risk?
> I assume these are real live people logging into accounts
Yes. They have Windows client machines, which connect to the FreeBSD server using Samba. The shells of most of them are limited to /usr/bin/passwd, and some of them do not even have a valid shell on their business username (but all have a valid shell on their personal username).
> I don't know what mail server you're running
Sendmail + mail (for filtering purposes I replaced mail with procmail for some users via .forward files in their home directories)
> Is the Mailserver on the same box as the users /home/mboxes?
Yes. The mailboxes are on the FreeBSD server, to which they connect using Outlook.
> If the user has no root privileges then can an infected email harm more than his directory?
Yes, it can destroy their Windows machines and all available shares on the FreeBSD server.
My latest findings:
Procmail and the e-mail sanitizer work when a user has /usr/bin/passwd as his shell.
Formail, however, does not work unless the user's shell is /usr/local/bin/bash.
What is the reason?