Re: ftp question
On Wed, Aug 01, 2001 at 10:10:42AM -0400, Nick Holland wrote:
> Dan Harnett wrote:
> >
> > I didn't see anyone mention /etc/shells. ftpd checks /etc/shells for a
> > valid shell (see ftpd(8) and shells(5)). If /usr/bin/false was not
> > listed, then access is denied whether the user is listed in
> > /etc/ftpchroot or not.
>
> Experimental evidence indicates to the contrary:
I'm not seeing the same behavior. Both client and server are
2.9-stable/i386. I'm seeing the behavior as described in the man page.
I have not tried this on a recent -current system.
$ grep ^obsd /etc/passwd
obsd:*:5000:5000:Test Account:/home/obsd:/usr/bin/false
$ cat /etc/shells
# $OpenBSD: shells,v 1.5 1997/05/28 21:42:20 deraadt Exp $
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/sh
/bin/csh
/bin/ksh
$ cat /etc/ftpchroot
# $OpenBSD: ftpchroot,v 1.3 1996/07/18 12:12:47 deraadt Exp $
#
# list of users (one per line) given ftp access to a chrooted area.
# read by ftpd(8).
obsd
From the client:
220 ****** FTP server (Version 6.5/OpenBSD) ready.
Name (******:danh): obsd
530 User obsd access denied.
ftp: Login failed.
ftp> quit
221 Goodbye.
From the server:
Aug 1 12:21:54 ****** ftpd[13513]: connection from danh.wzrd.com
Aug 1 12:21:56 ****** ftpd[13513]: FTP LOGIN REFUSED FROM danh.wzrd.com, obsd
Now, just changing /etc/shells:
# $OpenBSD: shells,v 1.5 1997/05/28 21:42:20 deraadt Exp $
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/sh
/bin/csh
/bin/ksh
/usr/bin/false
From the client again:
220 ****** FTP server (Version 6.5/OpenBSD) ready.
Name (******:danh): obsd
331 Password required for obsd.
Password:
230 User obsd logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
229 Entering Extended Passive Mode (|||46115|)
150 Opening ASCII mode data connection for '/bin/ls'.
total 5
-rw-r--r-- 1 5000 5000 769 Jul 17 10:19 .cshrc
-rw-r--r-- 1 5000 5000 318 Jul 17 10:19 .login
-rw-r--r-- 1 5000 5000 105 Jul 17 10:19 .mailrc
-rw-r--r-- 1 5000 5000 201 Jul 17 10:19 .profile
-rw------- 1 5000 5000 128 Jul 17 10:19 .rhosts
226 Transfer complete.
ftp>
And once again from the server:
Aug 1 12:24:28 ****** ftpd[27222]: connection from danh.wzrd.com
Aug 1 12:24:36 ****** ftpd[27222]: FTP LOGIN FROM danh.wzrd.com as obsd
--
Dan Harnett <danh@openbsd.org>
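
Added example, not part of the message above and not ftpd's own code: a small audit that reports, for every user listed in /etc/ftpchroot, whether the login shell appears in /etc/shells, which is the check the thread shows deciding between "530 access denied" and a successful login. The function names and the output format are made up for this sketch, the sample files are reconstructed from the values quoted in the thread, and it covers only the /etc/shells check.

```shell
#!/bin/sh
# Hypothetical helper: ftp_shell_audit [passwd] [shells] [ftpchroot]
# Prints "user shell allowed|refused" for each ftpchroot user.
ftp_shell_audit() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    chroot_file=${3:-/etc/ftpchroot}

    awk -F: -v shells="$shells_file" -v chroot="$chroot_file" '
        # Drop comments and whitespace from a shells/ftpchroot line.
        function clean(s) { sub(/#.*/, "", s); gsub(/[ \t\r]/, "", s); return s }
        BEGIN {
            while ((getline line < shells) > 0) { s = clean(line); if (s != "") ok[s] = 1 }
            while ((getline line < chroot) > 0) { u = clean(line); if (u != "") want[u] = 1 }
        }
        ($1 in want) {
            # Assumption: an empty shell field is treated as /bin/sh.
            sh = ($7 == "") ? "/bin/sh" : $7
            printf "%s %s %s\n", $1, sh, ((sh in ok) ? "allowed" : "refused")
            seen[$1] = 1
        }
        END { for (u in want) if (!(u in seen)) printf "%s - no-passwd-entry\n", u }
    ' "$passwd_file"
}

# Constructed sample files mirroring the thread: same account, before and
# after /usr/bin/false is appended to the shells list.
ftp_shell_audit_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'obsd:*:5000:5000:Test Account:/home/obsd:/usr/bin/false' > "$d/passwd"
    printf '%s\n' '# acceptable shells' /bin/sh /bin/csh /bin/ksh > "$d/shells"
    printf '%s\n' '# chrooted ftp users' obsd > "$d/ftpchroot"
    ftp_shell_audit "$d/passwd" "$d/shells" "$d/ftpchroot"   # -> obsd /usr/bin/false refused
    echo /usr/bin/false >> "$d/shells"
    ftp_shell_audit "$d/passwd" "$d/shells" "$d/ftpchroot"   # -> obsd /usr/bin/false allowed
    rm -rf "$d"
}

ftp_shell_audit_demo
```

Run with no arguments on a live system, `ftp_shell_audit` reads /etc/passwd, /etc/shells and /etc/ftpchroot directly.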