The way I have my system set up is that the users come in through xfbb. If they are
then validated by me and they ALSO set a password, then it creates an entry in passwd
that has user and group id set to the BBS, but with no shell specified, using
the password they gave me. So they can't telnet in, but they can do pop and
sendmail. I also add an entry to the nnrp.access to allow them to read nntp
messages. I checked the pop source to make sure that this would work, though
I didn't remember having to make any changes there.
Other programs, ftp at least, won't allow users without any known
shells to log in. I think this should be okay, but still I'm not a super expert on
these security issues. Any comments?

-----Original Message-----
From: Robert Schelander <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, September 27, 1999 2:43 PM
Subject: Security for amateurradio TCP/IP server!
>Hi!
>
>I would be glad if you could tell me about the steps you've taken on your
>TCP/IP servers.
>Automatic creation of users at their first login would be desirable, but I'm
>not sure if it is a good idea that anybody automatically gets telnet access.
>Just in case I want to do so, how to keep the system secure?
>Which rights are really necessary? What about rights for the /etc directory?
>Is it required that everybody can read the configuration of the server for
>executing various commands?
>What about /cgi-bin scripts? I have scripts which only run when the SUID is
>set.
>Are there any possibilities to do encrypted telnet sessions? Encrypted SMTP,
>POP3?
>
>All hints for other security references are welcome.
>
>Thanks
>Robert
>
>
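
Added example, not part of the original messages: a Python check over passwd-format text that reports which accounts sharing the BBS user id end up with a shell listed in /etc/shells, counting an empty shell field as /bin/sh as passwd(5) specifies. The sample entries, UID 200, paths and function names are constructed for illustration.

```python
"""Audit BBS-created passwd entries for an effective login shell."""

# Constructed sample data: account names, UID 200 and paths are assumptions.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
n0call:x:200:200:BBS mail user:/var/bbs/n0call:
n1call:x:200:200:BBS mail user:/var/bbs/n1call:/bin/false
n2call:x:200:200:BBS mail user:/var/bbs/n2call:/bin/sh
broken:x:200:200:missing fields
"""
SAMPLE_SHELLS = "# /etc/shells (constructed)\n/bin/sh\n/bin/bash\n"

DEFAULT_SHELL = "/bin/sh"  # passwd(5): an empty shell field defaults to /bin/sh


def parse_shells(text):
    """Return the set of shells listed in /etc/shells-style text."""
    lines = (line.strip() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def audit(passwd_text, shells_text, bbs_uid):
    """Map each account with bbs_uid to (effective shell, verdict)."""
    shells = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Truncated or hand-edited entries are reported, not skipped.
            report[fields[0]] = (None, "malformed entry")
            continue
        name, uid, shell = fields[0], fields[2], fields[6].strip()
        if not uid.isdigit() or int(uid) != bbs_uid:
            continue
        effective = shell or DEFAULT_SHELL
        verdict = "login shell" if effective in shells else "no valid shell"
        report[name] = (effective, verdict)
    return report


if __name__ == "__main__":
    rows = audit(SAMPLE_PASSWD, SAMPLE_SHELLS, 200)
    for name, (shell, verdict) in rows.items():
        print(f"{name:8} {shell!s:12} {verdict}")
```

An account reported as "login shell" has a shell that shell-checking services accept; "no valid shell" is the mail-only state the reply describes.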