installation of cdrecord needs an user "bin"

J.A. Neitzel jan.listbox at belvento.org
Thu Oct 4 09:55:03 PDT 2001


Ian Molton wrote:
> On stardate Thu, 04 Oct 2001 10:22:09 -0500
> J.A. began the full scale invasion of earth with the following words:
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                 |-- he he he... funny =) --|

>> ==== /etc/passwd ====
>> bin:x:1:1:bin:/dev/null:/bin/false
>  
> I have:
> 
> bin:x:1:1:bin::
> 
> is that bad?

Well, the only real difference is you don't assign a home directory
and a shell. I don't know about the home directory. But, when you
don't assign a shell... Here, from the PASSWD(5) man page:
<quote>
The home directory field provides the name of the initial working
directory.  Login uses this information to set the value of the HOME
environmental variable.

The command interpreter field provides the name of the user's
command language interpreter, or the name of the initial program to
execute.  Login uses this information to set the value of the SHELL
environmental variable.  If this field is empty, it defaults to
the value /bin/sh.
</quote>

/dev/null can have an effect depending on how your login program is
configured. /bin/false is always unsuccessful. So, there is no
usable CLI.

Also be sure that /etc/shadow, if you use shadow, contains:
bin:!:XXXXX:X:XXXXX:X:::
 |  | |
 |  | |= you won't see "X". I put "X" to indicate "not important".
 |  |= passwd. "!" indicates a locked account.
 |= user

The most important thing is that the account be locked (L). To be
sure, simply do a `/usr/bin/passwd -S bin'. You should see a big "L"
along with other useful info of course.

Setting the shell as /bin/false is just for extra assurance. This is
the easiest way on Linux. Other UNIX systems actually have a program
for use with no login accounts. OpenBSD, for example, has /sbin/nologin.
-- 
Jeff
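
The two checks described in this message (an empty shell field falling back to /bin/sh, and a locked password field in /etc/shadow), written as an added example that is not part of the original post. The function names and the sample shadow values are constructed for illustration; the L / NP / P letters follow what `passwd -S` reports.

```shell
#!/bin/sh
# Audit an account in passwd(5)/shadow(5)-format files (hypothetical helper names).

# Field 7 of passwd: an empty value means login falls back to /bin/sh.
shell_status() {   # shell_status USER PASSWD_FILE
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($7 == "")                        print "default-sh"
            else if ($7 ~ /\/(false|nologin)$/)  print "nologin"
            else                                 print "login-shell"
            exit
        }
        END { if (!found) print "missing" }' "$2"
}

# Field 2 of shadow: a leading "!" or "*" can never match a password hash.
lock_status() {    # lock_status USER SHADOW_FILE
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")           print "NP"   # no password at all
            else if ($2 ~ /^[!*]/)  print "L"    # locked
            else                    print "P"    # usable password
            exit
        }
        END { if (!found) print "missing" }' "$2"
}

audit_account() {  # audit_account USER PASSWD_FILE SHADOW_FILE
    printf '%s shell=%s password=%s\n' \
        "$1" "$(shell_status "$1" "$2")" "$(lock_status "$1" "$3")"
}

# Constructed sample data: the two passwd entries from the thread and a
# locked shadow entry whose numeric fields are made up.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'bin:x:1:1:bin:/dev/null:/bin/false\n' > "$tmp/passwd.a"
printf 'bin:x:1:1:bin::\n'                    > "$tmp/passwd.b"
printf 'bin:!:11599:0:99999:7:::\n'           > "$tmp/shadow"

audit_account bin "$tmp/passwd.a" "$tmp/shadow"
audit_account bin "$tmp/passwd.b" "$tmp/shadow"
```

On a real system, pass /etc/passwd and /etc/shadow (the latter needs root to read); an account reported as `default-sh` is only as safe as its `L` password status.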
