nologin for users

Gregory Davis gdavis7 at umbc.edu
Tue Feb 19 09:43:28 PST 2002


Login has documentation on how to stop all users but root from logging into 
a system.  Otherwise, all users may login.  This poses a threat, I think, 
for users like "nobody" that aren't really users, but rather are dummy 
users.  Assuming I set a password for that account, passwords can still be 
cracked, and that would lead to a security defect.  I have seen on other 
non-LFS systems a passwd file that lists the login shell of such dummy 
users as /sbin/nologin or /sbin/false.  What is the theory behind those, 
and are they simply nonshell programs?  For instance, can I just write a 
program in my favorite language (C/C++) that prints an error message and 
returns exit failure to the OS, and use that as the /sbin/nologin shell?

Thanks,
Greg

P.S.  I didn't find anything along these lines in the LFS book in chapter 5 
(passwd and group) or in the BLFS cvs book, where is this appropriate?
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list