Stig Hackv�n <[EMAIL PROTECTED]> writes:
> On Wed, Jan 26, 2000 at 09:23:39PM -0800, Faried Nawaz wrote:
>> And how does someone with /bin/false as their shell put commands in
>> their .qmail files?
> ftp is one way.
So don't put /bin/false in /etc/shells. Why would you want to do this
anyway?
On a stock qmail installation, no users who should not be running
arbitrary commands with their own privileges on the system should be
allowed to create .qmail files. There are various ways of preventing
this; one obvious one is to make their home directory owned by someone
other than them and not writeable by them so that they can't upload files
to it (but can still put files in their web directories or the like).
qmail has no built-in mechanism to support the "limited execution" mode
that sendmail implements with smrsh; if you want that, you can modify
qmail to invoke a limited shell rather than /bin/sh.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
