Admin perspective: it shouldn't. (was Re: Why does the user 'nobody' have a shell?)

To: Ben Armstrong <synrg@sanctuary.nslug.ns.ca>, debian-devel@lists.debian.org
Subject: Admin perspective: it shouldn't. (was Re: Why does the user 'nobody' have a shell?)
From: Jim Lynch <jim@laney.edu>
Date: Sat, 08 Jan 2000 01:11:19 -0800
Message-id: <[🔎] 200001080911.BAA22018@earth.laney.edu>
In-reply-to: Your message of "Fri, 07 Jan 2000 18:52:12 GMT." <[🔎] Pine.LNX.3.96.1000107184921.1022M-100000@eden.nslug.ns.ca>

Hi,

The user 'nobody' should -not- have a shell if you're interested in 
ensuring a secure system. Set the shell to something like /bin/false
and put /bin/true in /etc/shells.

That way, it gets harder to find an exploit in this area inasmuch as
it doesn't exist... 

Then you can set your ftp server so that a user must have a login
shell to allow ftp sessions, then you have a way to have ftp logins
without allowing a shell also. Do that by setting the shell to 
/bin/true. Disable all kinds of logins for a particular user by 
setting the shell to /bin/false, which logins such as nobody should
be: no shell, no logins from anywhere. 

-Jim

---
Jim Lynch       Finger for pgp key
as Laney College CIS admin:  jim@laney.edu   http://www.laney.edu/~jim/
as Debian developer:         jwl@debian.org  http://www.debian.org/~jwl/

Reply to:

Follow-Ups:
- Re: Admin perspective: it shouldn't. (was Re: Why does the user 'nobody' have a shell?)
  - From: Wichert Akkerman <wichert@cistron.nl>

References:
- Re: Why does the user 'nobody' have a shell?
  - From: Ben Armstrong <synrg@sanctuary.nslug.ns.ca>

Prev by Date: Re: /etc/hosts file permissions
Next by Date: Re: gnome themes (ITP: ????)
Previous by thread: Re: Why does the user 'nobody' have a shell?
Next by thread: Re: Admin perspective: it shouldn't. (was Re: Why does the user 'nobody' have a shell?)
Index(es):
- Date
- Thread