Re: System users and valid shells...
On 8 May 2006, Marc Haber outgrape:
> On Fri, 05 May 2006 11:12:35 +0300, Jari Aalto
>> Richard A Nelson <firstname.lastname@example.org> writes:
>>> On Wed, 3 May 2006, Colin Watson wrote:
>>> The rest of the system accounts are happily running with
>> There is now /bin/nologin which is more secure
> You can surely explain why /bin/nologin is more secure than
> /bin/false. I'm eager to learn.
Since /bin/nologin is used in very specific circumstances, I
can create far tighter security policy and auditing rules for use
with /bin/nologin. /bin/false is used legitimately in scripts, so the
audit trail is diffused, and /dev/null can't be restricted/audited to
the same extent that either /bin/false or /bin/nologin can.
"The only difference between me and a madman is that I'm not mad."
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
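An added example, not part of the original message or thread: a small triage pass over Linux auditd execve records that shows why a watch on a dedicated binary gives a cleaner trail than one on /bin/false. The log lines are constructed, and the rule key `shell_exec` and the helper names are assumptions made for illustration.

```python
import re

# Assumed auditctl watch rules, using the paths as written in the message:
#   -w /bin/nologin -p x -k shell_exec
#   -w /bin/false   -p x -k shell_exec

# Constructed audit SYSCALL records (execve), trimmed to the fields used here.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1147075201.101:311): syscall=59 success=yes ppid=2201 pid=2210 auid=1000 uid=33 comm="nologin" exe="/bin/nologin" key="shell_exec"
type=SYSCALL msg=audit(1147075260.412:312): syscall=59 success=yes ppid=880 pid=2244 auid=4294967295 uid=0 comm="false" exe="/bin/false" key="shell_exec"
type=SYSCALL msg=audit(1147075302.007:313): syscall=59 success=yes ppid=2301 pid=2302 auid=1000 uid=1000 comm="false" exe="/bin/false" key="shell_exec"
type=SYSCALL msg=audit(1147075377.550:314): syscall=59 success=yes ppid=2410 pid=2411 auid=1001 uid=38 comm="false" exe="/bin/false" key="shell_exec"
type=SYSCALL msg=audit(1147075420.918:315): syscall=59 success=yes ppid=2500 pid=2501 auid=1001 uid=2 comm="nologin" exe="/bin/nologin" key="shell_exec"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def split_hits(log, dedicated="/bin/nologin", key="shell_exec"):
    """Return (alerts, ambiguous) as lists of (exe, auid, uid) tuples.

    A hit on the dedicated binary is always a refused login, so it is an alert.
    A hit on any other watched binary may be a login or ordinary script use,
    and the record alone does not say which.
    """
    alerts, ambiguous = [], []
    for line in log.splitlines():
        rec = parse(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") != key:
            continue
        hit = (rec["exe"], rec["auid"], rec["uid"])
        (alerts if rec["exe"] == dedicated else ambiguous).append(hit)
    return alerts, ambiguous


if __name__ == "__main__":
    alerts, ambiguous = split_hits(SAMPLE_LOG)
    print("refused logins (act on each):", alerts)
    print("/bin/false runs needing manual triage:", ambiguous)
```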