
Re: Adding bash as default shell

 
Ruben Cardenal
Frequent Advisor

Adding bash as default shell

Hi,

I have added bash as the new shell for root on my HP-UX 11.00 machines, but when someone tries to log in via ftp, access is denied to every user. Why? (If I revert to sh, all works properly.)
Steven Sim Kok Leong
Honored Contributor

Re: Adding bash as default shell

Hi,

First, NEVER use any shells in /usr/bin as the login shell for root because you will encounter problems in single-user mode or maintenance mode because /usr is not mounted in single-user mode. Always stick to /sbin/sh for the login shell for root.

Second, if you want FTP to work for a specific login shell, you must include it in /etc/shells. man shells for more information.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
Alan Casey
Trusted Contributor

Re: Adding bash as default shell

The following may give some insight:
Problem Description

Why can I not ftp to my HP-UX 10.x system using non-root accounts?

Solution

If you cannot ftp to an HP-UX 10.x system when using a non-root account,
most likely one of two situations exists:

-- The user is using a non-standard shell. This may also be the
case if a user is using an HP-UX 9.x shell path instead of
an HP-UX 10.x shell path.

-- The user is listed in /etc/ftpusers, which is a file used to
deny access to specific users.

Non-Standard Shell
------------------
HP-UX 10.x systems verify the user shell of the incoming FTP user.
If the shell type is not returned by getusershell(3C), then the
"ACCESS DENIED" message is generated.

ftpd(1M) requires that the shell for a given user be in the list returned
by getusershell(3C). This list is the contents of /etc/shells, or, if that
file does not exist, the following default list:

/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

To resolve this problem, do one of the following:

A. If you have an /etc/shells file, verify its data has not been corrupted.

B. If you do not have an /etc/shells file, create one. This file must
list all user shells that might be used with an incoming FTP session
in the format shown in the example above. Check /etc/passwd for its
list of shells for each user.

For more information, refer to the ftpd(1M), getusershell(3C) and shells(4)
man pages.

The /etc/ftpusers File
----------------------
When a user attempts to log into your system using ftp, the ftpd daemon
checks the /etc/ftpusers file. If the file exists, and the user's login
name is listed in it, ftpd denies access to the user.

User accounts that specify a restricted login shell in /etc/passwd should
be listed in /etc/ftpusers, because ftpd accesses local accounts without
using their login shells. UUCP accounts should also be listed in
/etc/ftpusers.

You can use either a text editor or SAM (HP-UX's System Administration
Manager) to create and edit the /etc/ftpusers file. SAM has an extensive
online help facility.

Each line in /etc/ftpusers consists of a login name with no white space.
Following is an example /etc/ftpusers file:

uucp
guest
nobody

For more information, refer to the ftpusers(4) man page.

References
----------
For additional troubleshooting information, refer to the edition of
the manual "Installing and Administering Internet Services" that is
for your HP-UX system.
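
An added example, not part of the quoted HP note or of any post in this thread: a POSIX sh function that applies the two checks described above (login shell present in /etc/shells or the default list, login name absent from /etc/ftpusers) to every account in a passwd file. The function name ftp_audit, its verdict strings and the handling of '#' comments in /etc/shells are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): predict, per account, whether the two
# ftpd checks quoted above would deny an FTP login.

# Default list quoted in the post, used when the shells file does not exist.
DEFAULT_SHELLS='/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh'

# ftp_audit [PASSWD [SHELLS [FTPUSERS]]]
# Prints one "user:shell:verdict" line per account; verdict is "ok" or a
# comma-separated list of "shell-not-listed" and "in-ftpusers".
ftp_audit() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    ftpusers_file=${3:-/etc/ftpusers}

    if [ -f "$shells_file" ]; then
        # Assumption: one absolute path per line; '#' starts a comment.
        shells=$(sed 's/#.*//' "$shells_file" | awk '$1 ~ /^\// { print $1 }')
    else
        shells=$DEFAULT_SHELLS
    fi
    denied=
    [ -f "$ftpusers_file" ] && denied=$(awk 'NF { print $1 }' "$ftpusers_file")

    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        verdict=
        # Exact whole-line match (-F -x): the passwd shell must appear verbatim.
        # An empty shell field is flagged for manual review (assumption).
        if [ -z "$shell" ] ||
           ! printf '%s\n' "$shells" | grep -F -x -q -- "$shell"; then
            verdict=shell-not-listed
        fi
        if printf '%s\n' "$denied" | grep -F -x -q -- "$user"; then
            verdict=${verdict:+$verdict,}in-ftpusers
        fi
        printf '%s:%s:%s\n' "$user" "$shell" "${verdict:-ok}"
    done < "$passwd_file"
}
```

Run it with no arguments to audit the live files, or pass copies of passwd, shells and ftpusers to review a planned change first. A verdict of ok covers only these two checks; a later post in this thread shows root still refused with /sbin/bash listed.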

Alex Glennie
Honored Contributor

Re: Adding bash as default shell

documented in shells(4) manpage,
add your shell to /etc/shells ?

It is used for security, a user will be able to login (using normal login,
telnet, rlogin, ftp and so on) only if his shell is in the /etc/shells list. So
this is a list of trusted shells. When you install HPUX it is installed
automatically, if you want to add an extra non-HP shell (such as 'bash') you should edit this file manually.
Stefan Schulz
Honored Contributor

Re: Adding bash as default shell

Hi,

First, it is very important to use only statically linked shells in /sbin for root. Hope you have a statically linked bash placed in /sbin. If not, switch back to /sbin/sh as the root shell.

To use the bash for ftp, you have to make this shell available/valid for ftp. Have a look at man ftpd and man shells. I haven't done this so I can't give you a step by step guide.

(Just wanted to warn you about replacing the root's shell)

Hope this helps

Regards Stefan
No Mouse found. System halted. Press Mousebutton to continue.
Ruben Cardenal
Frequent Advisor

Re: Adding bash as default shell

Now, I have this:

root@grecopr2:/# cat /etc/shells
/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh
/sbin/bash
root@grecopr2:/#

root@grecopr2:/# ll /sbin/bash
-r-xr-xr-x 1 bin bin 659456 4 Ene 12:51 /sbin/bash
root@grecopr2:/#

Then, I change passwd and make bash (statically linked) the default shell for root. And:

root@grecopr2:/# ftp localhost
Connected to localhost.
220 grecopr2 FTP server (Version 1.1.214.7 Thu Aug 10 09:57:38 GMT 2000) ready.
Name (localhost:root): root
530 User root access denied...
Login failed.


Again, reverting to sh, ftp works fine.
Bill Hassell
Honored Contributor

Re: Adding bash as default shell

Changing user shells to bash is fine, but DON'T change root's shell which must be /sbin/sh. As mentioned, in single user mode, you will have NO SHELL (and that's bad). It's important to note that bash (and other POSIX shells like ksh) have a lot more in common than they have differences. Some sysadmins with experience on other flavors of Unix may think that /sbin/sh or /usr/bin/sh are Bourne shells...not true!

The /usr/bin/sh shell is the POSIX shell, and incorporates virtually all the commonly requested features of ksh and bash. But because the POSIX shell incorporates more security features, some sysadmins discount it and go for some other shell. One of the security features is that command line recall (the ESC k incantation) doesn't work by default (true), but all that is necessary is to supply the env variable: HISTFILE (which works for bash and ksh too). Set this in /etc/profile:

export HISTFILE=$HOME/.sh_history

and after logging in, ESC k (and all the rest of the command line recall features) will work OK.


Bill Hassell, sysadmin