Re: [netatalk-admins] Valid shell needed for users?


From: Rich Lafferty (rich@alcor.concordia.ca)
Date: Tue Aug 31 1999 - 16:34:51 EDT


Quoting Mike Holling (myke@ees.com) from Tue, Aug 31, 1999 at 02:09:36PM -0600:
> > Usual Behavior. Your ftp daemon probably works the same way. Make
> > their shell something like /bin/false and add /bin/false to /etc/shells
> > and you're all set.
>
> Actually I tried that...I also did a quick grep of the afpd binary for
> "/etc/shells" and came up blank. At this point I'm looking for
> documentation of this feature, since the man page says nothing about it.

Grep-the-binary doesn't always work -- login bits are often hiding in
other libraries. I did an strace here on linuxppc, and found that it
is checking /etc/shells:

[pid 30490] open("/etc/shells", O_RDONLY) = 1
[pid 30490] read(1, "/bin/bash\n/bin/sh\n/bin/ash\n/b"..., 4096) = 71

It wouldn't be documented in the netatalk manpage, because netatalk's
calling something else for the login bit. Here, it's libpam; I'm not
sure what platform you're on, so I can't tell you exactly which library
it is.

I'd check that the shell is in /etc/shells and make sure it actually
exists (/bin/false being good for this, some like to use a little
program which prints a "You're not supposed to login" message to
STDOUT and then exits as a non-shell). If that fails, let us know
some platform details and we'll see what else might be the problem.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Information and Instructional Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------
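
The check recommended in the message above (the user's shell is listed in /etc/shells and actually exists), as an added example that is not part of the original post. The function names, return codes and fixture files are assumptions made for this illustration.

```shell
#!/bin/sh
# check_login_shell USER [PASSWD_FILE] [SHELLS_FILE]
# Return codes (chosen for this example): 0 ok, 1 no such user,
# 2 shell not listed in the shells file, 3 shell missing or not executable.
check_login_shell() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    # Field 7 of the passwd entry is the login shell; exact match on the name.
    shell=$(awk -F: -v u="$user" \
        '$1 == u { print $7; found = 1; exit } END { exit !found }' \
        "$passwd_file") || return 1
    # An empty shell field conventionally means /bin/sh.
    [ -n "$shell" ] || shell=/bin/sh
    # Whole-line, fixed-string match against the shells file, skipping comments.
    grep -v '^#' "$shells_file" | grep -qxF -- "$shell" || return 2
    # Being listed is not enough: the file must exist and be executable.
    { [ -f "$shell" ] && [ -x "$shell" ]; } || return 3
    return 0
}

# Constructed fixture: a throwaway directory with sample passwd/shells files
# and a stand-in "no login" shell, so the example never touches /etc.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 1\n' > "$d/nologin"
    chmod +x "$d/nologin"
    printf '# constructed sample\n/bin/sh\n%s\n%s\n' "$d/nologin" "$d/gone" > "$d/shells"
    {
        printf 'alice:x:1001:1001::/home/alice:%s\n' "$d/nologin"   # listed, exists
        printf 'bob:x:1002:1002::/home/bob:%s\n' "$d/unlisted"      # not listed
        printf 'carol:x:1003:1003::/home/carol:%s\n' "$d/gone"      # listed, missing
    } > "$d/passwd"
    printf '%s\n' "$d"
}

# Demo run over the constructed accounts (dave does not exist).
fx=$(make_fixture)
for u in alice bob carol dave; do
    rc=0
    check_login_shell "$u" "$fx/passwd" "$fx/shells" || rc=$?
    echo "$u: $rc"
done
rm -rf "$fx"
```

Called with only a user name, the function reads the system's /etc/passwd and /etc/shells.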


