The /etc/shells File
To prevent certain users from running programs or writing to files by way of the aliases or ~/.forward files, V8 sendmail introduced the concept of a “valid shell.” Just before allowing delivery via an alias so:
|"/some/program" /save/to/a/file
the user’s password entry is looked up. If the shell entry from that password entry is a valid one, delivery is allowed. A shell is valid if it is listed in the /etc/shells file.[80] If that file does not exist, sendmail looks up the shell in its internal list, which looks (more or less) like this:[81]
/bin/bsh /bin/csh /bin/ksh /bin/pam /bin/posix/sh /bin/rksh /bin/rsh /bin/sh /bin/tcsh /usr/bin/bsh /usr/bin/csh /usr/bin/keysh /usr/bin/ksh /usr/bin/pam /usr/bin/posix/sh /usr/bin/rksh /usr/bin/rsh /usr/bin/sh /usr/bin/tcsh
With this technique it is possible to prevent certain users from having sendmail running programs or delivering to files on their behalf. To illustrate, consider the need to prevent the ftp pseudouser from misusing sendmail:
ftp:*:1092:255:File Transfer Protocol Program:/u/ftp:/no/shell
Here, any attempt by ftp to send mail through a program or into a file will fail because the shell /no/shell is not a valid shell. Such mail will bounce with one of these two errors:
User ftp@here.us.edu doesn't have a valid shell for mailing to programs User ftp@here.us.edu doesn't have a valid shell for mailing to files
Note that unusual circumstances might require you to allow users with invalid shells to run programs or ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
