Re: [Proftpd-user] RequireValidShell

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Wed, Nov 14, 2001 at 10:29:16AM +0100, Tom Fischer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> is RequireValidShell decreasing security for some reason? If not, what is the 
> reason to configure it extra? 

In theory having "RequireValidShell yes" will make the server slightly
more secure _if_ /etc/shells has a limited number of entries (ie a
tight overall server policy) in itself it makes no difference.  What
it gives is a method for bypassing the system level security limits.
Given I tend to ensure that all ftp users have a null shell (/bin/true
or similar) it's not a major issue generally for me.

-- 
The Flying Hamster <ha...@ko...>      http://www.korenwolf.net/
Man's capacity for self-delusion is infinite.
                                        -Dr. Eleia Shneour