Subject: bin/26266: ftpd check of /etc/shells obsoleted by ftpd.conf, ftpusers, etc.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <John.P.Darrow@wheaton.edu>
List: netbsd-bugs
Date: 07/12/2004 16:12:11
>Number: 26266
>Category: bin
>Synopsis: ftpd check of /etc/shells obsoleted by ftpd.conf, ftpusers, etc.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Jul 12 21:23:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: John Darrow
>Release: all through 2004-07-12
>Organization:
Wheaton College Computing Services
>Environment:
System: NetBSD jdarrowpiii.wheaton.edu 1.6.2_STABLE NetBSD 1.6.2_STABLE (JDARROW) #0: Tue Jun 1 14:20:33 CDT 2004 jdarrow@nahor.wheaton.edu:/var/src.release-1-6/sys/arch/i386/compile/JDARROW i386
Architecture: i386
Machine: i386
>Description:
Back in the days before ftpd.conf, etc. existed, it was useful that
ftpd didn't allow users with "non-standard" shells to log in via ftp,
as this provided the only way to keep e.g. users whose logins take
them directly into some sort of restricted system from getting in and
messing with files in ways they shouldn't be able to.
Nowadays, such things as ftpd.conf, ftpusers, and ftpchroot provide a
direct way to control which users are allowed to log in via ftp. As
such, the /etc/shells check has become outmoded, and can even inhibit
certain useful functionality (e.g. ftp-only users). The fact that
ftpd's man page shows an ugly workaround for this check reinforces
that the check has outlived its usefulness.
>How-To-Repeat:
Attempt to add a non-anonymous, ftp-only user to a system. Explicitly
allow the user in ftpusers/ftpd.conf, only to find it is still blocked
by the /etc/shells check. Read ftpd(8), cringe at ugly workaround
(copying /sbin/nologin to /sbin/ftplogin and adding that to
/etc/shells).
>Fix:
It's possible that some standards may include this check, and some
sites may still rely on it despite better means being available, so as
such, it shouldn't be removed completely, but it should be configurable.
Easiest but least flexible is to simply #ifdef out the getusershell
checks.
Better would be to provide a command line switch to ftpd to remove this
check.
Even more flexible would be to add a user or class attribute in
ftpd.conf/ftpusers to bypass the check by specific users or classes.
I could pretty easily roll a patch for either of the first two options,
the second would take a bit more work.
>Release-Note:
>Audit-Trail:
>Unformatted:
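
Added example, not part of the original report and not ftpd's own code: a simplified model of the /etc/shells gate described above, showing why an explicitly allowed ftp-only user is still refused, how the /sbin/ftplogin workaround passes, and how a bypass switch would change the result. The `skip_shell_check` flag, the function names, the sample file contents and the empty-shell default are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of /etc/shells contents; /sbin/ftplogin is the
 * workaround entry from ftpd(8) that the report mentions. */
static const char SAMPLE_SHELLS[] =
    "# constructed sample\n/bin/sh\n/bin/csh\n"
    "  /bin/ksh   # trailing comment\n\n/sbin/ftplogin\n";

/* Simplified line parser (not getusershell(3) itself): true if `shell`
 * is an entry in the text, ignoring comments, blanks and padding. */
static bool shell_is_listed(const char *text, const char *shell)
{
    size_t want = strlen(shell);
    const char *p = text;

    while (*p) {
        const char *eol = strchr(p, '\n');
        const char *end = eol ? eol : p + strlen(p);
        const char *hash = memchr(p, '#', (size_t)(end - p));
        const char *stop = hash ? hash : end;   /* drop the comment part */

        while (p < stop && (*p == ' ' || *p == '\t'))
            p++;
        while (stop > p && (stop[-1] == ' ' || stop[-1] == '\t' || stop[-1] == '\r'))
            stop--;
        if (want > 0 && (size_t)(stop - p) == want && memcmp(p, shell, want) == 0)
            return true;
        p = eol ? eol + 1 : end;
    }
    return false;
}

/* skip_shell_check models the hypothetical switch proposed in the report;
 * with it set, ftpusers/ftpd.conf are the only controls left. */
static bool ftp_shell_check_passes(const char *pw_shell, const char *shells_text,
                                   bool skip_shell_check)
{
    if (skip_shell_check)
        return true;
    if (pw_shell == NULL || *pw_shell == '\0')
        pw_shell = "/bin/sh";   /* assumption: empty field means default shell */
    return shell_is_listed(shells_text, pw_shell);
}

int main(void)
{
    printf("nologin, check on:   %d\n", ftp_shell_check_passes("/sbin/nologin", SAMPLE_SHELLS, false));
    printf("ftplogin workaround: %d\n", ftp_shell_check_passes("/sbin/ftplogin", SAMPLE_SHELLS, false));
    printf("nologin, check off:  %d\n", ftp_shell_check_passes("/sbin/nologin", SAMPLE_SHELLS, true));
    return 0;
}
```

With the check disabled, an account whose shell is /sbin/nologin is no longer stopped at this gate, so the ftpusers and ftpd.conf rules have to deny every account that should not have ftp access.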