Why do system users have valid shells
Hi
We recently noticed that a stock woody install produces an /etc/passwd
in which most, if not all, system users have a valid shell entry of
/bin/sh. They're all unable to login due to having no valid password,
but best UNIX security practice typically involves giving accounts that
don't need to be able to login a shell of /bin/false or /bin/true. Other
distros (at least some of them) appear to follow suit.
Is there a reason why Debian chooses to specify /bin/sh for system
accounts? Do we risk breaking anything if we perform an
s/\/bin\/sh$/\/bin\/false/ ?
Cheers,
Tobias
Reply to: