MAJOR hole in 5.0

Jochen Schroeder jschrod at
Thu Sep 25 14:38:08 PDT 2003

Matthias Benkmann wrote:
> On Thu, 25 Sep 2003 19:47:20 +0100 Chris Lingard <chris at>
> wrote:
>>Remove user nobody, as this will now be a security risk, when
>>you put your new LFS systm on the internet. 
> Yes, and make sure to tell them that they should only ever use the root
> account because all normal user accounts are a security risk when you put
> your system on the Internet.
> Could someone please tell me, how a user account called "nobody" with no
> valid shell and no password that doesn't own any files is a major security
> risk and a user account called "miller" with a valid shell and password
> that owns files and has write access to /home/miller is not?
from chris mail:

nobody::1000:1000:::/bin/bash is fine when building LFS

note it has a valid shell. even worse, what was in the book was:



More information about the lfs-security mailing list