nologin for users

elko elko at home.nl
Tue Feb 19 11:51:56 PST 2002


On Tuesday 19 February 2002 18:43, you wrote:
> Login has documentation on how to stop all users but root from logging into
> a system.  Otherwise, all users may login.  This poses a threat, I think,
> for users like "nobody" that aren't really users, but rather are dummy
> users.  Assuming I set a password for that account, passwords can still be
> cracked, and that would lead to a security defect.  I have seen on other
> non-LFS systems a passwd file that lists the login shell of such dummy
> users as /sbin/nologin or /sbin/false.  What is the theory behind those,
> and are they simply nonshell programs?  For instance, can I just write a
> program in my favorite language (C/C++) that prints an error message and
> returns exit failure to the OS, and use that as the /sbin/nologin shell?

I use this myself at 0rk, it has the ability to display a custom message
and mail you when someone tried to login into an 'inactive' account:

	http://www.adel.nursat.kz/nosh/

-- 
ElkOS: 8:51pm up 1 day, 0:45, 2 users, load average: 1.18, 1.25, 1.11
bofhX: Sysadmins busy fighting SPAM.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list