Re: shell of place-holder accounts (shouldn't be a valid shell)

On Mon, Aug 03, 1998 at 11:18:39AM -0400, Daniel Martin at cush wrote:
> Raul Miller <rdm@test.legislate.com> writes:
> > Chris Ulrich <cdulrich@ucdavis.edu> wrote:
> > >   On most unix systems, there are accounts that exist not for users
> > > but to make the filesystem look nice (uids get names instead of
> > > numbers with ls) or, for security, isolate special purpose processes
> > > from the rest of the system. Examples of this are the nobody user, for
> > > root squashed NFS, the qmail user for the different qmail daemons, the
> > > http user for the web server, and so on. Debian has quite a few of
> > > these users in the default /etc/passwd.
> And note that "nobody" has a world writeable home directory - /tmp.

just a simple note....I haven't edited my /etc/passwd at all...certainly
never fiddled with the nobody account...


/home isn't world writeable (yikes...just imagine...ewww)

> > However, overall I agree that passwordless system ids should all have
> > /bin/false.  (And there should be some well advertised debian mechanism
> > besides su for root to adopt these identities -- one that always uses
> > $SHELL or /bin/sh.)
> sudo -u <user> /bin/sh
> does this, but many people don't want sudo.

I swear by sudo....it's a great program (tho one to be careful of...
I meant to "sudo slay lora" once and I forgot the sudo...
slay turned on me (mean setting on by default))

I was thinking...maybe it would be good to write /bin/noshell
and have noshell be a program which uses syslog to log a 
"successful attempt to log on as...." and exit immediately.
(or maybe have this as just an option?)
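
The /bin/noshell idea from the last paragraph, written out in C as an added example (not code from the original post or from Debian). The function names noshell_message and copy_printable, the LOG_AUTH facility, the LOG_WARNING priority and the replacement of non-printable bytes are assumptions of this example.

```c
/* noshell.c - added example: login shell for place-holder accounts.
 * Logs who ended up here and exits non-zero; it never execs anything. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Hypothetical helper: copy src into dst, replacing non-printable bytes
 * with '?' so a hostile user or tty name cannot forge extra log lines. */
static void copy_printable(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    if (n == 0) return;
    for (; src && src[i] && i + 1 < n; i++)
        dst[i] = (src[i] >= 0x20 && src[i] < 0x7f) ? src[i] : '?';
    dst[i] = '\0';
}

/* Hypothetical helper: build the log text; user or tty may be NULL.
 * Returns what snprintf returns. */
int noshell_message(char *buf, size_t n, const char *user, long uid,
                    const char *tty)
{
    char u[64], t[64];
    copy_printable(u, sizeof u, user ? user : "(unknown)");
    copy_printable(t, sizeof t, tty ? tty : "(no tty)");
    return snprintf(buf, n,
                    "successful attempt to log on as %s (uid %ld) on %s",
                    u, uid, t);
}

int main(void)
{
    char msg[256];
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);   /* NULL if uid has no passwd entry */

    noshell_message(msg, sizeof msg, pw ? pw->pw_name : NULL, (long)uid,
                    ttyname(STDIN_FILENO));   /* NULL when stdin is no tty */
    openlog("noshell", LOG_PID, LOG_AUTH);
    syslog(LOG_WARNING, "%s", msg);      /* fixed format: msg is data only */
    closelog();
    return 1;                            /* non-zero, like /bin/false */
}
```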
