RE: Preventing logins /bin/false ?
> From: Vineet Kumar [mailto:email@example.com]
> Sent: Saturday, August 18, 2001 8:18 AM
> * Ian Perry (firstname.lastname@example.org) [010816 20:11]:
> > Hi,
> > Quick question.
> > I have been using /dev/null to prevent shell logins (yet
> still leave pop3
> > etc running) as follows:
> > username:x:1000:1000:Mr User,,,:/home/homedir:/dev/null
> > I noticed that the shell can also be put as /bin/false as in ftp
> > I prefer /dev/null as the user is instantaneously
> disconnected without any
> > messages.
> Umm ... how does that make it preferable to /bin/false, which
> does (from
> the user's perspective) exactly the same? Note: it has nothing to do
> with ftp, except that ftp users are commonly assigned this shell to
I realise this.
> prevent them from logging in to a shell. I think /bin/false is a more
> common approach, as it is an actual executable binary. Somehow that
> makes it make more sense to call exec() on. So really, what it does is
> actually run, failing, rather than failing to run (as a properly
> permissioned /dev/null would do).
> The difference seems pedantic, and it should make no practical
I agree that it makes no practical difference.
If I log in with /bin/false I get...
Linux sydney 2.0.36 #1 Thu Sep 2 09:28:09 EST 1999 i686 unknown
Copyright (C) 1993-1999 Software in the Public Interest, and others
Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Aug 20 16:50:17 on ttyp2 from IP.
With /dev/null I get nothing, not even a message.
I would rather give people as little information about the system as
possible. There is also a risk (however slight) that /bin/false could be
replaced with a bash program. I don't believe that this could be done with
/dev/null (or could it ?)
BTW, 2.0.36 is incorrect, I just have not been bothered to fix it.