T20@psuvm.bitnet (Stephen G. Simpson) (09/19/89)
This is a complaint about the way ftp behaves on our local system of networked Suns. I'm not sure whether my complaint applies to all Bsd systems, or only to SunOS. When I try to ftp from the outside world into my own Sun account, our ftp daemon uses a three-step procedure to "authenticate" the account. One of the steps is to compare my /etc/passwd entry with the /etc/shells file. If my default login shell (as specified in my /etc/passwd entry) is other than /bin/csh or /bin/sh and is not listed in /etc/shells, then the ftp daemon assumes that the account is inauthentic, and refuses the connection! (See the man page for ftpd.) In my opinion this behavior (on the part of the ftp daemon) is not in accordance with the Unix philosophy that users are permitted to use a shell of their choosing, provided the system administrator allows it. In my case, I want to use bash, the GNU Bourne Again shell, so I asked my sys admin to change my default login shell (as specified in my /etc/passwd entry) to bash. He very kindly did so, but without adding a line to /etc/shells. (Adding such a line would allow any user to change his own default login shell to bash, and it is not clear that we want to allow this.) All of this is in accordance with the man page for passwd -s. But, ftp doesn't like it and balks. In my opinion, this is a bug in ftp rather than in the /etc/passwd procedure. Ftp should realize that the system administrator may want to change a user's default login shell to something unusual without putting a corresponding line into /etc/shells. It is obnoxious of ftp to assume that an account with an unusual shell (not listed in /etc/shells) is ipso facto illegitimate. Please post your comments and also e-mail them to me, as I don't usually read all of these newsgroups.
perry@morgan.com (Perry Metzger) (09/27/89)
In article <1701@brazos.Rice.edu> T20@psuvm.bitnet (Stephen G. Simpson) writes: >X-Sun-Spots-Digest: Volume 8, Issue 136, message 5 of 13 [Flame about FTP checking /etc/shells. Notable bits include...] >In my opinion, this is a bug in ftp rather than in the /etc/passwd >procedure. Ftp should realize that the system administrator may want to >change a user's default login shell to something unusual without putting a >corresponding line into /etc/shells. It is obnoxious of ftp to assume >that an account with an unusual shell (not listed in /etc/shells) is ipso >facto illegitimate. FTP checks /etc/shells for an VERY good reason! It was set up that way to keep people from doing FTP to accounts that have been set up with special shells. These accounts might have very limited priviledges, but FTP would allow you to break out and gain higher priviledges from another machine if it weren't for /etc/shells. (If you don't believe me, think about what you could do to, say, the per user crontab, or even .profile for a restricted shell.) >In my opinion this behavior (on the part of the ftp daemon) is not in >accordance with the Unix philosophy that users are permitted to use a >shell of their choosing, provided the system administrator allows it. Why isn't it? The system administrator indicates his willingness to let you use a shell by putting it in /etc/shells, and you go and use chsh to change your shell to it, and everyone is happy. The FTP daemon knows you have a normal account, you have the shell you want, and the system administrator doesn't have to change everyone's shell for them all the time. (Think how much of a hassle it would be at a big site if the system administrator had to change peoples shells for them several times a day!) /etc/shells keeps you from possibly shooting yourself in the foot while using chsh. It also keeps other people from maliciously altering your shell when you leave your terminal alone. It also serves an important security purpose; it lets ftpd determine if you are running a restricted shell of some sort or not, which we will get to in a moment. You seem to want to "fix" this just so that you and your system administrator can do something odd, which is let you use a shell that isn't in /etc/shells. Why not just put it there and be done with it? You and your system administrator don't appear to want to change /etc/shells to keep people from using the special shell you want to use because you think bash is dangerous or something. Why not just let people, in the Unix Philosophy style, decide for themselves if they want to use it? Novices aren't going to fool with chsh on their own, so its unlikely that they will shoot themselves in the foot, and experienced people should accept the consequences. This is much easier to live with than putting a secur ity breach into Unix. Perry Metzger This message doesn't constitute my opinion. Actually, I'm just typing on behalf of my pet Iguana, Fred.