pseudo (*not* system) users and /bin/false ?
jan.listbox at belvento.org
Wed Dec 13 23:10:16 PST 2000
On Wednesday 13 December 2000 09:57, Thomas 'Balu' Walter wrote:
> +-Gerard Beekmans-(gerard at linuxfromscratch.org)-[12.12.00 21:00]:
> > > So, would you say that it is an extra security precaution (good
> > > idea) to put /bin/false as shell for all pseudo users (bin, mail,
> > > ftp, etc...) on the system? Thanks for the feedback! :o)
> > Yep. Also, you can do something about their home directory too. I
> > often write /no/where in the HOME field in combination with
> > /bin/false as the shell field.
> I prefer /dev/null as home-dir. Some machines allow people to log in,
> even if their home-dir does not exist (their new home is / then)
Ayup, I read about the /dev/null as home-dir in the *NIX SysAdmin
Handbook (aka Redbook..?). Seems a good way to go. And, as a side note,
/etc/login.defs has the following:
# Should login be allowed if we can't cd to the home directory?
# Default in no.
Good to know about that one. Though, I haven't played with it to see that
it works correctly. I'll check it quickly in the morning...
Tar for now ;)
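
Added example, not part of the original post: a small audit of the two settings discussed in this thread, the shell field of pseudo users and the login.defs switch that lets a login fall back to / when the home directory cannot be entered. The passwd and login.defs contents are constructed sample data, the list of pseudo users is supplied by the caller, and the nologin paths other than /bin/false are assumptions; DEFAULT_HOME is the shadow login.defs option that follows the comment quoted above.

```python
import os

# Shells that refuse an interactive session. /bin/false is the one named in
# the thread; the nologin paths are common equivalents (assumption).
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def default_home_allowed(login_defs_text):
    """True if login.defs allows login when the home dir cannot be entered."""
    allowed = False  # the quoted comment gives "no" as the default
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "DEFAULT_HOME":
            allowed = fields[1].lower() == "yes"
    return allowed

def audit_pseudo_users(passwd_text, login_defs_text, pseudo_names,
                       isdir=os.path.isdir):
    """Return (user, finding) pairs for the named pseudo accounts."""
    fallback = default_home_allowed(login_defs_text)
    findings = []
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or parts[0] not in pseudo_names:
            continue
        name, home, shell = parts[0], parts[5], parts[6]
        if shell not in NOLOGIN_SHELLS:
            # An empty shell field is treated as /bin/sh by login.
            findings.append((name, "login shell: " + (shell or "(empty)")))
        if fallback and not isdir(home):
            # /dev/null and /no/where both fail chdir; login then uses /.
            findings.append((name, "home %s unusable, DEFAULT_HOME yes" % home))
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/dev/null:/bin/false
mail:x:8:8:mail:/no/where:/bin/false
ftp:x:40:40:ftp:/home/ftp:/bin/sh
"""
SAMPLE_LOGIN_DEFS = """\
# Should login be allowed if we can't cd to the home directory?
# Default in no.
DEFAULT_HOME yes
"""

if __name__ == "__main__":
    users = {"bin", "mail", "ftp"}
    for user, finding in audit_pseudo_users(SAMPLE_PASSWD, SAMPLE_LOGIN_DEFS, users):
        print(user, "-", finding)
```

On a real system, pass the contents of /etc/passwd and /etc/login.defs and your own list of pseudo users.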