I apologise if I seem like a one hit and run poster here; truth is, I’ve never had problems with Webmin/Virtualmin so I’ve never really had a reason to join the community.
I’m currently running Virtualmin GPL on CentOS 5.4 with a typical lamp setup.
I’ve created a new domain domain.com and the user domain is able to successfully ftp. - success
I then created an e-mail only user, attempted to ftp and he was denied - success (assigned shell is /dev/null)
I then created an e-mail + ftp user, however he is unable to ftp to the server. The assigned shell is /bin/false so ftp shouldn’t be a problem.
I have tried with ProFTP’s ‘allow only users with valid shells’ option enabled and disabled but the result is the same.
Are there any security implications of having /bin/false listed as a valid system shell?
Well, only that users in /etc/passwd who have /bin/false as their username, and a password set, would be able to log in via FTP.
That’s typically not an issue, though you can always review what existing users have /bin/false set as their shell, and you could change it to something else, such as /dev/null.
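One way to carry out the review suggested in the reply above, as an added example that is not part of the original posts: it lists accounts whose shell is /bin/false and that also have a password set. The function name `audit_shell_users` and the sample accounts are constructed for illustration; on a real system, run it as root against /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example: print accounts whose login shell equals a given value
# (default /bin/false) and whose shadow entry holds a usable password hash.
# Usage: audit_shell_users PASSWD_FILE SHADOW_FILE [SHELL]
audit_shell_users() {
    passwd_file=$1
    shadow_file=$2
    target_shell=${3:-/bin/false}

    # The shadow file is read first to record accounts with a password set.
    # Fields starting with "!" or "*" are locked; an empty field means no
    # password is set, so neither is reported by this check.
    awk -F: -v shell="$target_shell" '
        FILENAME == ARGV[1] {
            if ($2 != "" && $2 !~ /^[!*]/) has_pw[$1] = 1
            next
        }
        $7 == shell && ($1 in has_pw) { print $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data (not taken from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
domain:x:500:500::/home/domain:/bin/bash
mailonly:x:501:500::/home/domain/homes/mailonly:/dev/null
ftpuser:x:502:500::/home/domain/homes/ftpuser:/bin/false
svc:x:503:503::/var/empty:/bin/false
EOF
cat > "$sample_dir/shadow" <<'EOF'
domain:$6$constructed$hash:14600:0:99999:7:::
mailonly:$6$constructed$hash:14600:0:99999:7:::
ftpuser:$6$constructed$hash:14600:0:99999:7:::
svc:!!:14600:0:99999:7:::
EOF

# Only ftpuser is reported: svc has /bin/false but a locked password.
audit_shell_users "$sample_dir/passwd" "$sample_dir/shadow"
```

Passing a different shell as the third argument, such as /dev/null, runs the same check for that shell.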