Ftp daemon should not check /etc/shells !

Thu Sep 28 00:28:36 AEST 1989

In article <1701 at brazos.Rice.edu> T20 at psuvm.bitnet (Stephen G. Simpson) writes:
>X-Sun-Spots-Digest: Volume 8, Issue 136, message 5 of 13
[Flame about FTP checking /etc/shells. Notable bits include...]

>In my opinion, this is a bug in ftp rather than in the /etc/passwd
>procedure.  Ftp should realize that the system administrator may want to
>change a user's default login shell to something unusual without putting a
>corresponding line into /etc/shells.  It is obnoxious of ftp to assume
>that an account with an unusual shell (not listed in /etc/shells) is ipso
>facto illegitimate.

FTP checks /etc/shells for an VERY good reason! It was set up that way to
keep people from doing FTP to accounts that have been set up with special
shells.  These accounts might have very limited priviledges, but FTP would
allow you to break out and gain higher priviledges from another machine if
it weren't for /etc/shells. (If you don't believe me, think about what you
could do to, say, the per user crontab, or even .profile for a restricted
shell.)

>In my opinion this behavior (on the part of the ftp daemon) is not in
>accordance with the Unix philosophy that users are permitted to use a
>shell of their choosing, provided the system administrator allows it. 

Why isn't it? The system administrator indicates his willingness to let
you use a shell by putting it in /etc/shells, and you go and use chsh to
change your shell to it, and everyone is happy. The FTP daemon knows you
have a normal account, you have the shell you want, and the system
administrator doesn't have to change everyone's shell for them all the
time. (Think how much of a hassle it would be at a big site if the system
administrator had to change peoples shells for them several times a day!)

/etc/shells keeps you from possibly shooting yourself in the foot while
using chsh. It also keeps other people from maliciously altering your
shell when you leave your terminal alone.

It also serves an important security purpose; it lets ftpd determine if
you are running a restricted shell of some sort or not, which we will get
to in a moment.

You seem to want to "fix" this just so that you and your system
administrator can do something odd, which is let you use a shell that
isn't in /etc/shells. Why not just put it there and be done with it?

You and your system administrator don't appear to want to change /etc/shells to keep people from using the special shell you want to use because you think bash is dangerous or something.  Why not just let people, in the Unix Philosophy style, decide for themselves if they want to use it? Novices aren't going to fool with chsh on their own, so its unlikely that they will shoot themselves in the foot, and experienced people should accept the consequences. This is much easier to live with than putting a secur

ity breach into Unix.

Perry Metzger

This message doesn't constitute my opinion. Actually, I'm just typing
on behalf of my pet Iguana, Fred.