Bugtraq mailing list archives
Re: /etc/shells (was Re: procmail)
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Thu, 8 Aug 1996 13:53:01 -0400
-----BEGIN PGP SIGNED MESSAGE----- on Aug 8, der Mouse <mouse () Collatz McRCIM McGill EDU> writes: [deletia] # I can see only two solutions. One would be to make each service # maintain its own list of users that are forbidden (or, alternatively, # allowed); the other would be to extend the passwd database (or, # equivalently, maintain a parallel database) so as to allow tagging each # user with arbitrary flags like "ftp access allowed" or "mail forward to # pipe forbidden". # # Anyone have any comments on either, or any other alternatives to # suggest? I kinda like der Mouse's latter idea. In fact, here are some ideas for the flags that can be used in a passwd database that root can edit in as necessary. I don't know if some UNIX OSes support this feature currently in the form of kernel flags; this is an idea I have off the top of my head. Flag Attribute - ---- --------- chsh/nochsh do (not) allow the user to change shells via chsh pipe/nopipe do (not) allow mail forwarding to a pipe ftp/noftp do (not) allow the user to write/read dot files via ftp rhosts/norhosts do (not) allow ~/.rhosts to be created by the user anon/noanon do (not) permit anonymous ftp file transfers to a user's account Let me know if this idea can be expanded on or has already been implemented. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMgopahskmjHS+zH1AQGqxQP/QUjLq6BsoDfie4n/S2ChjQ79NaHMeWN7 xbBkMzCccBmgrQpcEP5bO6bg0WXpXK3EX7/tBTlyIzqAYm9zRlrWsWXJbKDmwIaC nbCTTUNTJHgsGY/MIrtcikc9lJMRdLXRyBx9g583CGoH1lZa2O4LXdMRR1Yy58Z/ 7/uqtvwcWR0= =gYfo -----END PGP SIGNATURE----- -- Eugene Bradley | finger me for my PGP public key webmaster of misery.winter.org PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E <a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>
Current thread:
- /etc/shells (was Re: procmail) der Mouse (Aug 08)
- Re: /etc/shells (was Re: procmail Jauder Ho (Aug 08)
- Re: /etc/shells (was Re: procmail BriaNeiLevine (Aug 08)
- Re: /etc/shells (was Re: procmail Douglas Song (Aug 08)
- Re: /etc/shells (was Re: procmail Junya Ho (Aug 08)
- Re: /etc/shells (was Re: procmail Shaun Lowry (Aug 09)
- <Possible follow-ups>
- Re: /etc/shells (was Re: procmail) Rob Payne (Aug 08)
- Re: /etc/shells (was Re: procmail) Eugene Bradley (Aug 08)
- Re: /etc/shells (was Re: procmail) Valdis.Kletnieks () vt edu (Aug 08)
- Re: /etc/shells (was Re: procmail) Todd Vierling (Aug 08)
- Re: /etc/shells (was Re: procmail) Julian Assange (Aug 08)
- Re: /etc/shells (was Re: procmail) Theo de Raadt (Aug 08)
- Re: /etc/shells (was Re: procmail) Sam Quigley (Aug 08)
- Re: /etc/shells (was Re: procmail) W Lee Nussbaum (Aug 08)
- Re: /etc/shells (was Re: procmail) Douglas Song (Aug 08)
- Re: /etc/shells (was Re: procmail Jauder Ho (Aug 08)
- Re: /etc/shells (was Re: procmail) Adam Bauer (Aug 08)