Re: shell of place-holder accounts (shouldn't be a valid shell)
On Mon, Aug 03, 1998 at 11:18:39AM -0400, Daniel Martin at cush wrote:
> Raul Miller <email@example.com> writes:
> > Chris Ulrich <firstname.lastname@example.org> wrote:
> > > On most unix systems, there are accounts that exist not for users
> > > but to make the filesystem look nice (uids get names instead of
> > > numbers with ls) or for security isolate special purpose processes
> > > from the rest of the system. Examples of this are the nobody user, for
> > > root squashed NFS, the qmail user for the different qmail daemons, the
> > > http user for the web server, and so on. Debian has quite a few of
> > > these users in the default /etc/passwd.
> And note that "nobody" has a world writeable home directory - /tmp.
just a simple note....I haven't edited my /etc/passwd at all...certainly
never fiddled with the nobody account...
/home isn't world writeable (yikes...just imagine...ewww)
> > However, overall I agree that passwordless system ids should all have
> > /bin/false. (And there should be some well advertised debian mechanism
> > besides su for root to adopt these identities -- one that always uses
> > $SHELL or /bin/sh.)
> sudo -u <user> /bin/sh
> does this, but many people don't want sudo.
I swear by sudo....it's a great program (tho one to be careful of...
I meant to "sudo slay lora" once and I forgot the sudo...
slay turned on me (mean setting on by default)
I was thinking...maybe it would be good to write /bin/noshell
and have noshell be a program which uses syslog to log a
"successful attempt to log on as...." and exit immediately.
(or maybe have this as just an option?)
/* -- Stephen Carpenter <email@example.com> --- <firstname.lastname@example.org>------------ */
E-mail "Bumper Stickers":
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"
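
The /bin/noshell idea from the message above, written out as an added example in C; it is not code from the original post or from any Debian package. The LOG_AUTH facility, the LOG_WARNING priority, the exit status of 1, the exact message wording and the helper names sanitize and format_event are assumptions made for illustration.

```c
/* noshell.c - added example: placeholder login shell that logs and exits. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Copy src into dst, replacing anything outside printable ASCII with '?'
 * so an odd tty or account name cannot forge extra log lines. */
static void sanitize(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0;
    if (dstlen == 0) return;
    for (; src && src[i] && i + 1 < dstlen; i++)
        dst[i] = (src[i] >= 0x20 && src[i] < 0x7f) ? src[i] : '?';
    dst[i] = '\0';
}

/* Build the log line; returns the length snprintf would have written. */
static int format_event(char *out, size_t outlen, const char *user,
                        unsigned long uid, const char *tty)
{
    char u[64], t[64];
    sanitize(u, sizeof u, user ? user : "unknown");
    sanitize(t, sizeof t, tty ? tty : "no tty");
    return snprintf(out, outlen,
                    "successful attempt to log on as %s (uid %lu) on %s",
                    u, uid, t);
}

int main(void)
{
    char line[256];
    uid_t uid = getuid();               /* the account that was logged into */
    struct passwd *pw = getpwuid(uid);

    format_event(line, sizeof line, pw ? pw->pw_name : NULL,
                 (unsigned long)uid, ttyname(STDIN_FILENO));
    openlog("noshell", LOG_PID, LOG_AUTH);
    syslog(LOG_WARNING, "%s", line);    /* fixed format string, data as argument */
    closelog();
    return 1;   /* non-zero like /bin/false: no session is started */
}
```

Installed as the shell field of a place-holder account in /etc/passwd, it leaves a syslog record whenever authentication to that account succeeds and then ends the session.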