Bugtraq mailing list archives

Re: /etc/shells (was Re: procmail)

From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Thu, 8 Aug 1996 13:53:01 -0400


-----BEGIN PGP SIGNED MESSAGE-----

on Aug 8, der Mouse <mouse () Collatz McRCIM McGill EDU> writes:

[deletia]

# I can see only two solutions.  One would be to make each service
# maintain its own list of users that are forbidden (or, alternatively,
# allowed); the other would be to extend the passwd database (or,
# equivalently, maintain a parallel database) so as to allow tagging each
# user with arbitrary flags like "ftp access allowed" or "mail forward to
# pipe forbidden".
#
# Anyone have any comments on either, or any other alternatives to
# suggest?

I kinda like der Mouse's latter idea.  In fact, here are some ideas
for the flags that can be used in a passwd database that root can
edit in as necessary.  I don't know if some UNIX OSes support this
feature currently in the form of kernel flags; this is an idea I have
off the top of my head.

Flag                    Attribute
- ----                  ---------
chsh/nochsh             do (not) allow the user to change shells via chsh
pipe/nopipe             do (not) allow mail forwarding to a pipe
ftp/noftp               do (not) allow the user to write/read dot files via
                        ftp
rhosts/norhosts         do (not) allow ~/.rhosts to be created by the user
anon/noanon             do (not) permit anonymous ftp file transfers to
                        a user's account

Let me know if this idea can be expanded on or has already been implemented.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMgopahskmjHS+zH1AQGqxQP/QUjLq6BsoDfie4n/S2ChjQ79NaHMeWN7
xbBkMzCccBmgrQpcEP5bO6bg0WXpXK3EX7/tBTlyIzqAYm9zRlrWsWXJbKDmwIaC
nbCTTUNTJHgsGY/MIrtcikc9lJMRdLXRyBx9g583CGoH1lZa2O4LXdMRR1Yy58Z/
7/uqtvwcWR0=
=gYfo
-----END PGP SIGNATURE-----

--
              Eugene Bradley | finger me for my PGP public key
                       webmaster of misery.winter.org
    PGP Fingerprint = 55 70 DE 84 FE E1 3D 50  7F C2 88 22 30 8C 81 9E
   <a href="http://www.armory.com/~ebradley";> Eugene's W^3 Duckpond </a>

Current thread:

/etc/shells (was Re: procmail) der Mouse (Aug 08)
- Re: /etc/shells (was Re: procmail Jauder Ho (Aug 08)
  - Re: /etc/shells (was Re: procmail BriaNeiLevine (Aug 08)
  - Re: /etc/shells (was Re: procmail Douglas Song (Aug 08)
  - Re: /etc/shells (was Re: procmail Junya Ho (Aug 08)
    - Re: /etc/shells (was Re: procmail Shaun Lowry (Aug 09)
- <Possible follow-ups>
- Re: /etc/shells (was Re: procmail) Rob Payne (Aug 08)
- Re: /etc/shells (was Re: procmail) Eugene Bradley (Aug 08)
  - Re: /etc/shells (was Re: procmail) Valdis.Kletnieks () vt edu (Aug 08)
  - Re: /etc/shells (was Re: procmail) Todd Vierling (Aug 08)
    - Re: /etc/shells (was Re: procmail) Julian Assange (Aug 08)
    - Re: /etc/shells (was Re: procmail) Theo de Raadt (Aug 08)
  - Re: /etc/shells (was Re: procmail) Sam Quigley (Aug 08)
    - Re: /etc/shells (was Re: procmail) W Lee Nussbaum (Aug 08)
    - Re: /etc/shells (was Re: procmail) Douglas Song (Aug 08)
- Re: /etc/shells (was Re: procmail) Adam Bauer (Aug 08)