New 'Email and FTP' user is unable to connect to ProFTPD Server

#1 Thu, 10/14/2010 - 13:59
zamrg

I apologise if I seem like a one hit and run poster here; truth is, I've never had problems with Webmin/Virtualmin so I've never really had a reason to join the community :)

I'm currently running Virtualmin GPL on CentOS 5.4 with a typical lamp setup.

I've created a new domain domain.com and the user domain is able to successfully ftp. - success

I then created an e-mail only user, attempted to ftp and he was denied - success (assigned shell is /dev/null)

I then created an e-mail + ftp user, however he is unable to ftp to the server. The assigned shell is /bin/false so ftp shouldn't be a problem.

I have tried with ProFTP's 'allow only users with valid shells' option enabled and disabled but the result is the same.

Thu, 10/14/2010 - 14:02
zamrg

I seem to have solved the issue.

A simple echo "/bin/false" >> /etc/shells does the trick :)

Are there any security implications of having /bin/false listed as a valid system shell?

Thu, 10/14/2010 - 14:24
andreychek

Howdy,

Are there any security implications of having /bin/false listed as a valid system shell?

Well, only that users in /etc/passwd who have /bin/false as their username, and a password set, would be able to login via FTP.

That's typically not an issue, though you can always review what existing users have /bin/false set as their shell, and you could change it to something else, such as /dev/null.

-Eric

Thu, 10/14/2010 - 14:33
zamrg

Hi Eric

I assume you meant /bin/false as their shell :)

I've made sure of the following:
- only allow users with a valid shell (now including /bin/false) to login via ftp
- all system user accounts have been added to /etc/ftpusers and majority have /sbin/nologin as their shell

Thanks for your quick support.
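
The review Eric suggests, as an added example that is not part of any post in this thread: a shell function that lists the accounts whose shell is /bin/false, that pass the valid-shell check once /bin/false is in /etc/shells, and that are not listed in /etc/ftpusers. It assumes the FTP server enforces both files; the function name `ftp_eligible`, its output format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which accounts pass the FTP "valid shell" check because of
# one shell (default /bin/false) and are not blocked by /etc/ftpusers?
# Output: user:uid:state, state = usable | locked | unknown (shadow unreadable).
ftp_eligible() {
    awk -F: -v target="${1:-/bin/false}" -v shells="${3:-/etc/shells}" \
        -v deny="${4:-/etc/ftpusers}" -v shadow="${5:-/etc/shadow}" '
        BEGIN {
            while ((getline l < shells) > 0)            # shells accepted as valid
                if (l !~ /^[ \t]*(#|$)/) valid[l] = 1
            while ((getline l < deny) > 0) {            # users denied FTP
                sub(/[ \t]*#.*/, "", l)
                if (l != "") denied[l] = 1
            }
            while ((getline l < shadow) > 0) {          # password field per user
                split(l, f, ":")
                hash[f[1]] = f[2]; seen[f[1]] = 1
            }
        }
        $7 == target && (target in valid) && !($1 in denied) {
            if (!($1 in seen))           state = "unknown"
            else if (hash[$1] ~ /^[!*]/) state = "locked"   # no usable password
            else                         state = "usable"   # can authenticate
            print $1 ":" $3 ":" state
        }' "${2:-/etc/passwd}"
}

# Constructed sample files (not taken from the thread) so the check runs offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/bin/false' \
        'svc:x:101:101::/var/lib/svc:/bin/false' \
        'mail1:x:500:500::/home/domain/homes/mail1:/dev/null' \
        'ftp1:x:501:500::/home/domain/homes/ftp1:/bin/false' > "$d/passwd"
    printf '%s\n' '/bin/sh' '/bin/bash' '/sbin/nologin' '/bin/false' > "$d/shells"
    printf '%s\n' '# denied users' 'root' 'daemon' > "$d/ftpusers"
    printf '%s\n' 'root:$1$x$constructedhash:14800::::::' 'daemon:*:14800::::::' \
        'svc:!!:14800::::::' 'mail1:$1$x$constructedhash:14800::::::' \
        'ftp1:$1$x$constructedhash:14800::::::' > "$d/shadow"
    ftp_eligible /bin/false "$d/passwd" "$d/shells" "$d/ftpusers" "$d/shadow"
    rm -rf "$d"
}
demo
```

Called with no arguments as root, `ftp_eligible` reads the real /etc files; any line marked usable is an account that can now authenticate over FTP and should either be intended or be added to /etc/ftpusers.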
