pseudo (*not* system) users and /bin/false ?
jan.listbox at belvento.org
Tue Dec 12 00:13:01 PST 2000
On Monday 11 December 2000 14:58, Gerard Beekmans gave us this to ponder:
> if /etc/passwd does not contain a shell for a user it will default to
> /bin/sh for most applications (like login).
I read that somewhere after I posted this message. Thanks, now I will
> Adding /bin/false to the password field effectively disallows a
> user to login
Do you mean "to the *shell* field"? I played with /bin/false as shell on
a test account to see what it would do. What you say is indeed what
happens. Test user cannot login, which is what I had assumed as well...
So, would you say that it is an extra security precaution (good idea) to
put /bin/false as shell for all pseudo users (bin, mail, ftp, etc...) on
the system? Thanks for the feedback! :o)
"Computers don't make mistakes, but they do execute your mistakes
with extreme precision."
More information about the lfs-security