system users and /bin/false ?

J.A. Neitzel jan.listbox at belvento.org
Sat Dec 9 11:40:36 PST 2000


Hi,

Does anyone know the overall security implications of using /bin/false 
for system users? Please see example below (taken from /etc/passwd)...

<example>
root:x:0:0:root:/root:/bin/bash
jan:x:501:10:J.A. Neitzel:/home/jan:/bin/bash
bin:x:1:1::/bin:
nobody:x:65534:65534::/home:/bin/false
</example>

root and I obviously need /bin/bash in the shell field because we are 
legitimate users who are supposed to login to the system. bin and nobody 
are *not* supposed to login.

What is the difference above with using /bin/false in the shell field for 
nobody vs. having nothing for bin's shell field? I have always been 
curious about this. man false tells me a little... Someone with a shell 
/bin/false should not be able to login (I think).!?

Ideas or hints for further reading?
TIA
-- 
J.A. Neitzel
"Computers don't make mistakes, but they do execute your mistakes
	with extreme precision."





More information about the lfs-security mailing list