Path: utzoo!attcan!uunet!bloom-beacon!think!husc6!rice!sun-spots-request From: perry@morgan.com (Perry Metzger) Newsgroups: comp.sys.sun Subject: Re: Ftp daemon should not check /etc/shells ! Keywords: Miscellaneous Message-ID: <1721@brazos.Rice.edu> Date: 27 Sep 89 14:28:36 GMT Sender: root@rice.edu Organization: Sun-Spots Lines: 50 Approved: Sun-Spots@rice.edu X-Sun-Spots-Digest: Volume 8, Issue 139, message 1 of 11 In article <1701@brazos.Rice.edu> T20@psuvm.bitnet (Stephen G. Simpson) writes: >X-Sun-Spots-Digest: Volume 8, Issue 136, message 5 of 13 [Flame about FTP checking /etc/shells. Notable bits include...] >In my opinion, this is a bug in ftp rather than in the /etc/passwd >procedure. Ftp should realize that the system administrator may want to >change a user's default login shell to something unusual without putting a >corresponding line into /etc/shells. It is obnoxious of ftp to assume >that an account with an unusual shell (not listed in /etc/shells) is ipso >facto illegitimate. FTP checks /etc/shells for an VERY good reason! It was set up that way to keep people from doing FTP to accounts that have been set up with special shells. These accounts might have very limited priviledges, but FTP would allow you to break out and gain higher priviledges from another machine if it weren't for /etc/shells. (If you don't believe me, think about what you could do to, say, the per user crontab, or even .profile for a restricted shell.) >In my opinion this behavior (on the part of the ftp daemon) is not in >accordance with the Unix philosophy that users are permitted to use a >shell of their choosing, provided the system administrator allows it. Why isn't it? The system administrator indicates his willingness to let you use a shell by putting it in /etc/shells, and you go and use chsh to change your shell to it, and everyone is happy. The FTP daemon knows you have a normal account, you have the shell you want, and the system administrator doesn't have to change everyone's shell for them all the time. (Think how much of a hassle it would be at a big site if the system administrator had to change peoples shells for them several times a day!) /etc/shells keeps you from possibly shooting yourself in the foot while using chsh. It also keeps other people from maliciously altering your shell when you leave your terminal alone. It also serves an important security purpose; it lets ftpd determine if you are running a restricted shell of some sort or not, which we will get to in a moment. You seem to want to "fix" this just so that you and your system administrator can do something odd, which is let you use a shell that isn't in /etc/shells. Why not just put it there and be done with it? You and your system administrator don't appear to want to change /etc/shells to keep people from using the special shell you want to use because you think bash is dangerous or something. Why not just let people, in the Unix Philosophy style, decide for themselves if they want to use it? Novices aren't going to fool with chsh on their own, so its unlikely that they will shoot themselves in the foot, and experienced people should accept the consequences. This is much easier to live with than putting a secur ity breach into Unix. Perry Metzger This message doesn't constitute my opinion. Actually, I'm just typing on behalf of my pet Iguana, Fred.