POSIX though I may be wrong and it may the the SUS constrains both these commands to do exactly nothing other than return the appropriate boolean value. This is supposed to help the user understand what happened, though in practice many terminal emulators will simply close when the shell terminates, rendering the message all but unreadable anyway in some cases. Running FTP is to be avoided in any case because sftp which provides similar functionality is similar but secure.
This may open a backdoor if the user is allowed to create cronjobs. In either case, scp will not operate with an invalid shell. Additionally, the choice of shell affects the operation of su - AKA su -l. In either case commands run with su -cl will fail. A third way to disable an account is to set the account expiration date field to an ancient date eg. This will prevent logins in case your setup allows users to authenticate against their unix account without a password and the service they are using requires no shell.
After doing some research on this, the method you use depends on what you have to lock out. Run "ldd vsftpd" and look for libpam to find out whether this has happened or not.
If you have shadowed passwords, does your system have a "shadow. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Improve this answer. This option only has an effect for non-PAM builds of vsftpd.
Simple and easy solution. Another one is to change vsftpd. Comment out this "auth Tonny Tonny 6, 1 1 gold badge 16 16 silver badges 31 31 bronze badges. Diamond 8, 3 3 gold badges 20 20 silver badges 36 36 bronze badges. Filip7 Filip7 1. You just opened a security hole big enough to drive not only a truck, but an entire transatlantic RORO ship filled with trucks, through.
This workaround needs to be removed as suggestion. Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Improve this answer. At least BSD implementation also logs the login attempts to syslog as seen in opensource. THIS - Is an amazing answer, with great history presented here. Well done Mark! Add a comment. Mikel Mikel Just a guess I could be wrong.
I just checked both Ubuntu 8. If they were, a user could use chsh to select such a shell and lock himself out of his account. Gilles 'SO- stop being evil' Gilles 'SO- stop being evil' k gold badges silver badges bronze badges.
What is your OS? Rui F Ribeiro It is run as program. It is used a login shell. Community Bot 1. BillThor BillThor 8, 19 19 silver badges 27 27 bronze badges. Oh, how did you come to that conclusion? Please note that I do not agree with pythondetective's answer. I am just speculating what might have lead him to this conclusion. My comment is a little bit late, though. Sign up or log in Sign up using Google.
0コメント