[Gllug] ftp security

John Edwards john_ed at cornerstonelinux.co.uk
Mon Oct 22 16:42:06 UTC 2001


On Mon, Oct 22, 2001 at 05:38:29PM +0100, will wrote:
> ----- Original Message -----
> From: "John Edwards" <john_ed at cornerstonelinux.co.uk>
> To: <gllug at linux.co.uk>
> Sent: Monday, October 22, 2001 5:16 PM
> Subject: Re: [Gllug] ftp security
> 
> <snip>
> > (eg set the shell to /bin/false).
> 
> I have seen people set the shell to both /bin/true /bin/false for FTP only
> users.  What would be the difference or advantages/disadvantages of either?
> 
> (I can't see that there would be any).
> 
> Will.

Arrr, the answer lies in the man pages.
"man true":  Exit with a status code indicating success.
"man false": Exit with a status code indicating failure.

The difference is the error code they return. If you run a command as a 
user with /bin/true shell then it will return an error code to say it 
succeeded when in fact it did not. /bin/false will always return back an 
error code saying that it has failed. I think the later is more accurate 
to the situation of an ftp user and will prevent problems with commands 
thinking they have worked when they have not.


-- 
#------------------------------------------------------------#
|      John Edwards    Email: John.Edwards at uk.com            |
|                                                            |
|     "Security vulnerabilities are here to stay."           |
|   Scott Culp, Manager, Microsoft Security Response Center  |
#------------------------------------------------------------#

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list