Re: Why do system users have valid shells
On Wed, Oct 22, 2003 at 07:13:33PM +1000, Russell Coker wrote:
> Having a valid shell all the time because it might be needed at some time is
> not a good idea.
> I recall that there was a bug in pam in unstable at one time that would allow
> logging in to those accounts. Setting the shells to /bin/false would have
> prevented that bug from being a problem.
This has been around the debsec bush several times, but I'll toss
my 2p in again anyway.
I've run many servers and firewalls with all non-user account shells
set to /bin/false, including in busy web and db servers, and have
never seen any problems whatever.
Whatever it is that breaks, it ain't important enough to worry