SUMMARY: disallowing root FTP access

From: Stout, Logan (ldstout@broadband.att.com)
Date: Thu Oct 05 2000 - 13:39:23 CDT


Many thanks to all those who replied, and so quickly.

I did a bad job of asking my original question, in that I failed to mention
that I was aware of the /etc/ftpusers file (which lists those users unable
to login via ftp). And I also failed to mention that I was asked by powers
that be to find out exactly *why* some servers were denying root ftp, and
some were allowing it, I was able to turn it all off by adding root to the
ftpusers file (creating it in some cases). However, I had begun to discount
ftpusers as the reason for some of the denial, as it seemed to have no
affect on the different machines (a file that disallows only cannot allow
something, so it was apparent that there was something else. My thanks to
those who replied with mention of /etc/shells, which prompted me to verify
that these files were correct.. they were in fact the root cause of the
intermittent allowing and disallowing, (on the many systems that didn't have
the ftpusers file. haven't verified it.. but the rent-a-admin who management
hired to roll out some software last month jumps to mind.. as only the boxes
he touched have the changed paths in /etc/passwd, which fail to match "good"
shells in /etc/shells (and swore up and down that he changed nothing on the
boxes, but under duress recalled that the had changed the paths of root
shell to the "right way", "fixing them"..)

Again, thanks for all the help

Logan Stout

S
U BEFORE POSTING please READ the FAQ located at
N ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/faq
. and the list POLICY statement located at
M ftp://ftp.cs.toronto.edu/pub/jdd/sun-managers/policy
A To submit questions/summaries to this list send your email message to:
N sun-managers@sunmanagers.ececs.uc.edu
A To unsubscribe from this list please send an email message to:
G majordomo@sunmanagers.ececs.uc.edu
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:
I http://www.latech.edu/sunman.html
S
T



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:19 CDT