On Wednesday 27 June 2001 19:07, [EMAIL PROTECTED] wrote:
>
> And if I'm not mistaken, if they are somehow now able to execute the
> chsh command, then they have a valid shell account they can log in
> to. :-(
>
> While they shouldn't be able to run chsh, or the equivalent, putting
> their shell in /etc/shells puts them that much closer to an account.
Yep but "false" (or "true") is NOT a shell. So they won't be able to
execute chsh and change their login shell to a real one.
Moreover, I think it's a good idea to disable ftp for people with a
"real" valid shell (ie only include pseudo shells in /etc/shells) as it
isn't a secure protocol.
JM
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
