pseudo (*not* system) users and /bin/false ?

J.A. Neitzel jan.listbox at belvento.org
Tue Dec 12 00:13:01 PST 2000


On Monday 11 December 2000 14:58, Gerard Beekmans gave us this to ponder:
> if /etc/passwd does not contain a shell for a user it will default to
> /bin/sh for most applications (like login).

I read that somewhere after I posted this message. Thanks, now I will 
remember.

> Adding /bin/false to the password field effectively disallows a
> user to login

Do you mean "to the *shell* field"? I played with /bin/false as shell on 
a test account to see what it would do. What you say is indeed what 
happens. Test user cannot login, which is what I had assumed as well...

So, would you say that it is an extra security precaution (good idea) to 
put /bin/false as shell for all pseudo users (bin, mail, ftp, etc...) on 
the system? Thanks for the feedback! :o)
-- 
Regards,
J.A. Neitzel
"Computers don't make mistakes, but they do execute your mistakes
	with extreme precision."





More information about the lfs-security mailing list