pseudo (*not* system) users and /bin/false ?

Thomas 'Balu' Walter tw at itreff.de
Wed Dec 13 06:57:07 PST 2000


+-Gerard Beekmans-(gerard at linuxfromscratch.org)-[12.12.00 21:00]:
> > So, would you say that it is an extra security precaution (good idea) to
> > put /bin/false as shell for all pseudo users (bin, mail, ftp, etc...) on
> > the system? Thanks for the feedback! :o)
> 
> Yep. Also, you can do something about their home directory too. I often write 
> /no/where in the HOME field in combination with /bin/false as the shell 
> field. 

I prefer /dev/null as home-dir. Some machines allow people to log in, even
if there home-dir does not exist (their new home is / then)

     Ba-/dev/bla-lu





More information about the lfs-security mailing list