It's probably not a good idea to be using an ftp config that allows users
with non-real shells to log in. That's generally considered a Bad Thing
(tm). If you really want something that supports virtual-style users well,
look into NcFTPd. It's (mostly) commercial, and closed-soruce, but it does
the job very well.
At 11:07 PM 1/27/00 , you wrote:
>On Wed, Jan 26, 2000 at 09:23:39PM -0800, Faried Nawaz wrote:
>> Stig Hackv�n wrote:
>>
>> qmail invokes commands with /bin/sh regardless of the user's login
>shell, so even if a user has /bin/false for a shell, that user's .qmail file
>can be used to gain shell access.
>>
>> And how does someone with /bin/false as their shell put commands in their
>> .qmail files?
>
>ftp is one way.
>
>> i consider this to be a qmail bug.
>>
>> I consider it a site-specific administrative problem.
>
>is it reasonable to use the shell field of the password database to permit
>or deny
>shell access to a username. qmail should respect this.
>
> stig
>
>
>--
>Stig ... Friend of Hacking ... 707-987-3236 work@home
>Hackv�n ... http://hackvan.com ... 415-264-8754 mobile
>We are {b}Org ... http://brainofstig.AI ... [EMAIL PROTECTED]
---
Phil Genera <[EMAIL PROTECTED]>
Sysadmin, http://www.troop474.org/
