Admin perspective: it shouldn't. (was Re: Why does the user 'nobody' have a shell?)
Hi,
The user 'nobody' should -not- have a shell if you're interested in
ensuring a secure system. Set the shell to something like /bin/false
and put /bin/true in /etc/shells.
That way, it gets harder to find an exploit in this area inasmuch as
it doesn't exist...
Then you can set your ftp server so that a user must have a login
shell to allow ftp sessions, then you have a way to have ftp logins
without allowing a shell also. Do that by setting the shell to
/bin/true. Disable all kinds of logins for a particular user by
setting the shell to /bin/false, which logins such as nobody should
be: no shell, no logins from anywhere.
-Jim
---
Jim Lynch Finger for pgp key
as Laney College CIS admin: jim@laney.edu http://www.laney.edu/~jim/
as Debian developer: jwl@debian.org http://www.debian.org/~jwl/
Reply to: