Why do system users have valid shells

To: debian-security@lists.debian.org
Subject: Why do system users have valid shells
From: Tobias Reckhard <jester71@gmx.net>
Date: Wed, 22 Oct 2003 09:45:24 +0200
Message-id: <[🔎] 3F963594.9030905@gmx.net>

Hi

We recently noticed that a stock woody install produces an /etc/passwdin which most, if not all, system users have a valid shell entry of/bin/sh. They're all unable to login due to having no valid password,but best UNIX security practice typically involves giving accounts thatdon't need to be able to login a shell of /bin/false or /bin/true. Otherdistros (at least some of them) appear to follow suit.

Is there a reason why Debian chooses to specify /bin/sh for systemaccounts? Do we risk breaking anything if we perform ans/\/bin\/sh$/\/bin\/false/ ?


Cheers,
Tobias

Reply to:

Follow-Ups:
- Re: Why do system users have valid shells
  - From: Dariush Pietrzak <eyck@forumakad.pl>
- Why not use /bin/noshell? (was Re: Why do system users have valid shells)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Re: Problem with security.debian.org
Next by Date: Re: Why do system users have valid shells
Previous by thread: Re: Problem with security.debian.org
Next by thread: Re: Why do system users have valid shells
Index(es):
- Date
- Thread