nologin for users

Chad Simmons polpak at yahoo.com
Tue Feb 19 10:00:34 PST 2002


--- Gregory Davis <gdavis7 at umbc.edu> wrote:
> Login has documentation on how to stop all users but root from logging into 
> a system.  Otherwise, all users may login.  This poses a threat, I think, 
> for users like "nobody" that aren't really users, but rather are dummy 
> users.  Assuming I set a password for that account, passwords can still be 
> cracked, and that would lead to a security defect.  I have seen on other 
> non-LFS systems a passwd file that lists the login shell of such dummy 
> users as /sbin/nologin or /sbin/false.  What is the theory behind those, 
> and are they simply nonshell programs?  For instance, can I just write a 
> program in my favorite language (C/C++) that prints an error message and 
> returns exit failure to the OS, and use that as the /sbin/nologin shell?


=====
-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GCS/L/C/O d-(+) s++:+ a-- C+++$>++++ UBLS++++$ 
P+++(--)$ L++>+++ E--- W+>++$ N !o K? w(--) !O 
M- !V PS+ PE(++) Y+ PGP->+ t- 5 X+() R(+) tv+@ 
b++(+++) !DI+++ D G(-) e>+++$ h---() r+++ y+++
------END GEEK CODE BLOCK------

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list