LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   problems with /bin/false (https://www.linuxquestions.org/questions/slackware-14/problems-with-bin-false-357941/)

reactnet 08-28-2005 10:10 PM
problems with /bin/false
 
I am using vsftpd 2.0.3 installed from source and recently I have this problem. Users with /bin/false can't log in . When I put /bin/bash everything it's okay. Anyone can help me ? Thanks

btmiller 08-28-2005 10:14 PM
Is /bin/false in /etc/shells? Most ftpds will not allow users to log in unless their shell is in /etc/shells. You can just add /bin/false to this file (i usually copy /bin/false to /bin/ftponly so I can remember what it's there for :)).

major.tom 08-28-2005 11:31 PM
I believe using /bin/false is a security measure to prevent them from being able to login. For that reason, I would not add it to /etc/shells. If your user must be able to login, I would give them a "real" shell (eg. bash). Or you could try by adding /bin/true to /etc/shells and give them that as a default.

In my unmodified /etc/shells, /bin/false is not listed, but it is the default shell for several user id's which should not need login access.

Garry

reactnet 08-29-2005 03:15 AM
I try the variant with adding /bin/false in /etc/shells, and now my users can log in on ftp chrooted with -s /bin/false ..so they don't have access on ssh or telnet(shell). Whatever I think this is an issue with vsftpd, because security is the first goal and maybe in in next version it will be fixed. Thank you both.

btmiller 08-29-2005 09:34 PM
It's not an issue, it's pretty standard behavior for an ftp server.Adding /bin/false to /etc/shells will not magically grant users with /bin/false as their shell the ability to login (after all it's a program that does nothing, which is pretty useless for a login shell). That's why it can be used as a "shell" for people who only need ftp access. Of course, you don't necessarily want all /bin/false users to necessarily be allowed ftp, which is why I copy it to /bin/ftponly as described above.

major.tom 08-29-2005 10:19 PM
Aha! Now I get your thinking.

You copy /bin/false to /bin/ftponly, then add /bin/ftponly to /etc/shells and setup the users you want to have ftp access only with /bin/ftponly.

I like that idea, especially since it doesn't open up any other doors (such as allowing system users ftp access).

Please excuse my thickness. :D

Garry


All times are GMT -5. The time now is 06:16 PM.