system users and /bin/false ?

J.A. Neitzel jan.listbox at
Sat Dec 9 11:40:36 PST 2000


Does anyone know the overall security implications of using /bin/false 
for system users? Please see example below (taken from /etc/passwd)...

jan:x:501:10:J.A. Neitzel:/home/jan:/bin/bash

root and I obviously need /bin/bash in the shell field because we are 
legitimate users who are supposed to login to the system. bin and nobody 
are *not* supposed to login.

What is the difference above with using /bin/false in the shell field for 
nobody vs. having nothing for bin's shell field? I have always been 
curious about this. man false tells me a little... Someone with a shell 
/bin/false should not be able to login (I think).!?

Ideas or hints for further reading?
J.A. Neitzel
"Computers don't make mistakes, but they do execute your mistakes
	with extreme precision."

More information about the lfs-security mailing list