On Fri, 14 Dec 2007 13:52:33 CST, Adam N said:
> No, the idea is that you are a user with no login access, only FTP.
> By doing this, you get shell access (with sane privileges, thankfully) when
> you're supposed to only have FTP.

And this is why, for at least 2 decades, it's been recommended that people doing the "FTP-only user" put the writeable directories for that user under ~ftp/$USER or some such, rather than ~$USER, and make the login shell for the user /bin/false, and other such things.

For bonus points - if it's an FTP-only userid, why does the sysadmin not have e-mail for the userid *blocked*? After all, if they can't login, they can't *read* any mail that gets delivered to the system. Even if you fix the MTA to drop mail directly in $HOME/mbox, it's the rare FTP daemon that understands the locking needed to make this work - that's the primary reason why the POP protocol was invented.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
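
An added example, not part of the original message: a small audit that checks FTP-only accounts against the two account-layout recommendations in the reply above (login shell /bin/false, home under ~ftp/$USER). The function name, the caller-supplied list of FTP-only usernames, the /var/ftp path and the sample records are assumptions made for illustration; mail blocking is MTA-specific and is not checked here.

```shell
#!/bin/sh
# Added example: audit FTP-only accounts against the layout recommended above.
# Assumptions (not from the original message): the caller names the FTP-only
# users, passes the ftp home (~ftp) as FTP_HOME, and only /bin/false is
# accepted as a non-login shell.

# audit_ftp_only FTP_HOME USER...   (passwd(5)-format records on stdin)
# Prints one "user: finding" line per problem; prints nothing if all is well.
audit_ftp_only() {
    ftp_home=$1; shift
    awk -F: -v ftp_home="$ftp_home" -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        ($1 in want) {
            seen[$1] = 1
            # The login shell must refuse interactive logins.
            if ($7 != "/bin/false")
                printf "%s: login shell is %s, expected /bin/false\n", $1, ($7 == "" ? "(empty, defaults to /bin/sh)" : $7)
            # The writable area belongs under ~ftp/$USER, not ~$USER.
            if ($6 != ftp_home "/" $1)
                printf "%s: home is %s, expected %s/%s\n", $1, $6, ftp_home, $1
        }
        END { for (i = 1; i <= n; i++) if (!(u[i] in seen)) printf "%s: no passwd entry found\n", u[i] }
    '
}

# Constructed sample records (not real accounts).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
alice:x:1001:1001:FTP only:/var/ftp/alice:/bin/false
bob:x:1002:1002:FTP only:/home/bob:/bin/bash
carol:x:1003:1003:FTP only:/var/ftp/carol:
EOF
}

# Run with --demo to audit the constructed sample above.
if [ "${1:-}" = "--demo" ]; then
    sample_passwd | audit_ftp_only /var/ftp alice bob carol
fi
```

On a live system the input would come from `getent passwd` rather than the sample function.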