
to have /etc/shells or not?

 
Ravinder Singh Gill
Regular Advisor


Guys, for one of our clients we have quite a few servers. However, some of them have an /etc/shells file and some don't. I am trying to make it a more standardised service where either they all have /etc/shells or none of them do. Taking into account that network security with firewalls etc. is in place, is /etc/shells necessary? And what will be the implications of adding it to or removing it from the existing servers? Could there be a disruption of service?
H.Merijn Brand (procura
Honored Contributor

Re: to have /etc/shells or not?

/etc/shells is optional.

If it is NOT present, all programs that use it default to a standard list of shells.
I'm a tcsh user, so all my machines have /etc/shells present, because tcsh is not present in any default path, certainly not in the location where my login shell is located.

ftp is the best known /etc/shells user. Users with a login shell not present in either the default list or /etc/shells will not be able to use the machine through ftp.

I wasn't able to dig up the default list of supported shells. man ftpd didn't provide me with any hints.

Enjoy, Have FUN! H.Merijn
Pedro Cirne
Esteemed Contributor

Re: to have /etc/shells or not?

Hi,

If you don't have /etc/shells, any shell can be used.
If you have /etc/shells, only shells defined there can be used. If you remove some of the shells, then any scripts that make reference to them won't work!

Pedro
Florian Heigl (new acc)
Honored Contributor

Re: to have /etc/shells or not?

You should definitely have it for security reasons (think locking out pseudo-users, ftp users).
There won't be a service at risk as long as you first gather all shells that are set in /etc/passwd of the systems and use these to assemble your /etc/shells.

(Usually you won't have more than 5 or 6 shells in the whole enterprise, /bin/sh, /usr/bin/ksh, /usr/bin/csh, /usr/bin/tcsh /bash and an occasional shell freak using /dtksh.)
yesterday I stood at the edge. Today I'm one step ahead.
Fabio Ettore
Honored Contributor

Re: to have /etc/shells or not?

Hi,

In the past I saw several ftp problems without /etc/shells. I saw messages like '530 connection refused'.
/etc/shells should contain all kinds of shells in /etc/passwd; usually it is something like:


/bin/sh
/bin/ksh
/usr/bin/sh
/usr/bin/ksh

This is just an example for sh and ksh shells.

I don't see any particular firewall or security problems; anyway, you can configure it and put in just the shells that you need.

HTH.

Best regards,
Fabio
WISH? IMPROVEMENT!
Ermin Borovac
Honored Contributor

Re: to have /etc/shells or not?

If /etc/shells does not exist, the following list of shells is assumed (see getusershell(3C)). If /etc/shells exists then its contents provide the list of standard shells.

/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

As already mentioned, some programs (such as ftpd) call getusershell() and will not allow login if the user's login shell is not in the returned list.
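
The pre-change audit suggested in the replies (collect the shells set in /etc/passwd, then compare them with /etc/shells or with the default list quoted above) can be scripted; the following is an added example, not code posted by anyone in the thread. The function names, the sample accounts and the `/usr/local/bin/tcsh` path are assumptions made for the illustration.

```shell
#!/bin/sh
# Default list assumed when /etc/shells is absent, as quoted in the thread.
DEFAULT_SHELLS='/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh'

# Effective allow-list: the file's entries (comments and blanks dropped),
# or the default list when the file does not exist.
allowed_shells() {
    if [ -f "$1" ]; then
        sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
    else
        printf '%s\n' "$DEFAULT_SHELLS"
    fi
}

# Distinct login shells set in a passwd file: candidates for a new /etc/shells.
passwd_shells() {
    awk -F: '$7 != "" { print $7 }' "$1" | sort -u
}

# Print "user:shell" for every account whose login shell is not on the
# allow-list, i.e. the accounts a getusershell() check would refuse.
unlisted_users() {
    ALLOWED=$(allowed_shells "$2") awk -F: '
        BEGIN { n = split(ENVIRON["ALLOWED"], a, "\n")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Empty field: the system default shell applies, flag for manual review.
        $7 == "" { print $1 ":(empty)"; next }
        !($7 in ok) { print $1 ":" $7 }
    ' "$1"
}

# Constructed sample data (not taken from any real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:201:20::/home/alice:/usr/local/bin/tcsh
oracle:*:202:20::/home/oracle:/usr/bin/ksh
ftpdrop:*:203:20::/home/ftpdrop:/usr/bin/false
EOF
echo "Shells in use:";               passwd_shells "$demo_dir/passwd"
echo "Refused without /etc/shells:"; unlisted_users "$demo_dir/passwd" "$demo_dir/no-such-file"
rm -rf "$demo_dir"
```

On a real host, pass `/etc/passwd` and `/etc/shells` as the two arguments; accounts reported by `unlisted_users` are the ones to review before the file is added, changed or removed.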