Re: ftp access

From: Carroll Kong (damascus@home.com)
Date: 02/28/01


Date: Wed, 28 Feb 2001 00:30:30 -0500
To: Roelof Osinga <roelof@eboa.com>
From: Carroll Kong <damascus@home.com>

At 05:47 AM 2/28/01 +0100, Roelof Osinga wrote:
>Rob Simmons wrote:
> >
> > /sbin/nologin as the user's shell. You also have to add this shell to
> > /etc/shells
>
>Alas, no.
>
>Not on 4.2 anyway. Just today - ok, technically yesterday, but who's
>counting? - I realized that the client was right after all. He could
>not log in indeed. Due to /sbin/nologin.
>
>When using regular ftpd. Using ProFTPd no problem.
>
>Ah, as a matter of fact, I was using inetd. Haven't tried
>daemon mode with 4.2 yet. Who knows? There might be hope, still.
>
>Roelof

That is odd. The reason why ftpd does not work is because........ man ftpd
shows

            4. The user must have a standard shell returned by
                 getusershell(3).

So, man getusershell shows

      The getusershell() function returns a pointer to a legal user shell as
      defined by the system manager in the file /etc/shells. If /etc/shells is
      unreadable or does not exist, getusershell() behaves as if /bin/sh and
      /bin/csh were listed in the file.

This is very odd, unless I am forgetting something I did, I JUST
did this with a client two days ago on 4.2-STABLE. Telnet results in "not
authorized" or something like that, and ftpd lets them in happily. Same
user name and all. Please look it over, I am outright positive it
works! (ok, maybe 99.99999% sure). What is the error message? User
denied? Check man ftpd for that list of "reasons why ftpd would tell your
user to go away".

-Carroll Kong
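
As an added example (not part of the original message, and not ftpd's own source), this small C program applies the shell rule quoted from the ftpd manual above to an account, so the check can be reproduced outside ftpd. The function names and the fallback to /bin/sh for an empty shell field are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes getusershell(3) on glibc */
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 1 if `shell` is one of the shells returned by getusershell(3), else 0. */
int shell_is_listed(const char *shell)
{
    const char *s;
    int found = 0;

    setusershell();                 /* rewind to the start of the list */
    while ((s = getusershell()) != NULL) {
        if (strcmp(s, shell) == 0) {
            found = 1;
            break;
        }
    }
    endusershell();
    return found;
}

/* 1: shell is listed, 0: shell is not listed, -1: no such user. */
int user_shell_check(const char *user)
{
    struct passwd *pw = getpwnam(user);

    if (pw == NULL)
        return -1;
    /* Assumption of this example: an empty shell field means /bin/sh. */
    const char *shell = (pw->pw_shell && *pw->pw_shell) ? pw->pw_shell : "/bin/sh";
    return shell_is_listed(shell);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        int r = user_shell_check(argv[i]);
        printf("%s: %s\n", argv[i],
               r < 0 ? "no such user" :
               r ? "shell is listed" : "shell is NOT listed (rule 4 fails)");
    }
    return 0;
}
```

Run it with one or more account names; a "NOT listed" result for an account whose shell is /sbin/nologin means that path is missing from /etc/shells.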
