Anonymous FTP Invalid Shell

Balki
Occasional Contributor

Anonymous FTP Invalid Shell

I have a requirement to collect a list of invalid shells, based on the industry standard, for the Anonymous FTP shell. Where can I get the list of Unix invalid shells, e.g. /sbin/nologin or /bin/false, etc.?

Appreciate your help and directions here.
4 REPLIES

Re: Anonymous FTP Invalid Shell

Hi Balki,

I would just use the "/usr/bin/false" shell for FTP anonymous Login User on HP-UX.

e.g:

# cat /etc/passwd
ftp:*:500:guest:anonymous ftp:/home/ftp:/usr/bin/false


Hope it helps.

Cheers
- Thomas
Balki
Occasional Contributor

Re: Anonymous FTP Invalid Shell

Hi Thomas,

Thanks for your response. Is there any way I can get a list of such invalid shells, which people use across the accounts, as best practices?

Regards
Balki
Horia Chirculescu
Honored Contributor

Re: Anonymous FTP Invalid Shell

Hello,

There is no such list available.

Horia.
Best regards from Romania,
Horia.
Viktor Balogh
Honored Contributor

Re: Anonymous FTP Invalid Shell

> I can get a list of such invalid shells, which people use across the accounts, as best practices?

Use that /usr/bin/false shell for the ftp user, it's a 'best practice'. Anyway, here is a list of shells:

# cat /etc/shells
/bin/ksh
/bin/csh
/bin/sh
/sbin/sh
/usr/bin/ksh
/usr/bin/csh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/true
/usr/bin/false
/bin/tcsh
/usr/bin/tcsh
#

Or you could use /usr/bin/true also, the remote connection will disconnect immediately. The difference is the exit status at the end.

I have also seen /usr/bin/date as a shell. The result was a 'key' account, which gave the date back and disconnected right after the date command terminated. If you want to check this out on one of your test machines, do not forget to add /usr/bin/date to /etc/shells.

But, for the ftp user, stick to the best practice and choose /usr/bin/false for its shell.
****
Unix operates with beer.
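
An added example, not part of any post in this thread: a POSIX sh audit that reads passwd-format lines and reports whether each account has one of the non-login shells named above, a shell listed in /etc/shells, an unlisted program such as /usr/bin/date, or an empty shell field. The function names, the oper/key/svc accounts and the temporary files are constructed for illustration; only the ftp line and the shell paths come from the thread.

```shell
#!/bin/sh
# Added example: classify the login shell of each account in passwd-format input.
# The non-login shells are the ones named in this thread.
NOLOGIN_SHELLS="/usr/bin/false /bin/false /sbin/nologin /usr/bin/true"

# classify_shell SHELL SHELLS_FILE -> prints nologin | login | unlisted | empty
classify_shell() {
    cs_shell=$1
    cs_list=$2
    if [ -z "$cs_shell" ]; then
        echo empty            # empty field: the system default shell is used
        return 0
    fi
    for cs_s in $NOLOGIN_SHELLS; do
        if [ "$cs_shell" = "$cs_s" ]; then
            echo nologin
            return 0
        fi
    done
    # -x whole line, -F fixed string: /bin/sh must not match /usr/bin/sh
    if grep -qxF -- "$cs_shell" "$cs_list" 2>/dev/null; then
        echo login
    else
        echo unlisted         # e.g. /usr/bin/date before it is added to /etc/shells
    fi
}

# audit_passwd PASSWD_FILE SHELLS_FILE -> prints "user shell class" per account
audit_passwd() {
    while IFS=: read -r ap_user ap_pw ap_uid ap_gid ap_gecos ap_home ap_shell; do
        case $ap_user in ''|'#'*) continue ;; esac   # skip blank and comment lines
        printf '%s %s %s\n' "$ap_user" "${ap_shell:-<none>}" \
            "$(classify_shell "$ap_shell" "$2")"
    done < "$1"
}

# Constructed sample data (the ftp line and the shell paths come from the thread).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
ftp:*:500:guest:anonymous ftp:/home/ftp:/usr/bin/false
oper:*:501:20:operator:/home/oper:/usr/bin/ksh
key:*:502:20:date account:/home/key:/usr/bin/date
svc:*:503:20:service:/home/svc:
EOF
printf '%s\n' /sbin/sh /usr/bin/sh /usr/bin/ksh /usr/bin/false > "$SAMPLE_DIR/shells"

audit_passwd "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells"
```

On a real host, pass /etc/passwd and /etc/shells as the two arguments and review every account not reported as nologin.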