[Gllug] ftp security
John Edwards
john_ed at cornerstonelinux.co.uk
Mon Oct 22 16:42:06 UTC 2001
On Mon, Oct 22, 2001 at 05:38:29PM +0100, will wrote:
> ----- Original Message -----
> From: "John Edwards" <john_ed at cornerstonelinux.co.uk>
> To: <gllug at linux.co.uk>
> Sent: Monday, October 22, 2001 5:16 PM
> Subject: Re: [Gllug] ftp security
>
> <snip>
> > (eg set the shell to /bin/false).
>
> I have seen people set the shell to both /bin/true /bin/false for FTP only
> users. What would be the difference or advantages/disadvantages of either?
>
> (I can't see that there would be any).
>
> Will.
Arrr, the answer lies in the man pages.
"man true": Exit with a status code indicating success.
"man false": Exit with a status code indicating failure.
The difference is the error code they return. If you run a command as a
user with /bin/true shell then it will return an error code to say it
succeeded when in fact it did not. /bin/false will always return back an
error code saying that it has failed. I think the later is more accurate
to the situation of an ftp user and will prevent problems with commands
thinking they have worked when they have not.
--
#------------------------------------------------------------#
| John Edwards Email: John.Edwards at uk.com |
| |
| "Security vulnerabilities are here to stay." |
| Scott Culp, Manager, Microsoft Security Response Center |
#------------------------------------------------------------#
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list