On 8/1/2000 Wichert Akkerman wrote:
Do they have /bin/true listed in /etc/shells? I'm tempted to change the shell in passwd for Debian as well..
No they do not, on a redhat system the `system' accounts vary from /bin/true to /bin/false (apparently from whatever each individual package maintainer happens to pick) I cannot think of any real difference between one or the other (the only difference is the exit code)
my personal opinion is that /bin/false is a logical choice for a system account for which no login access should ever be granted for. and /bin/true can then be optionally added to /etc/shells for use in non interactive user accounts (ftp and such) without reducing the security of locked non login system accounts.
this seems to be pretty much in line with Debian policy other then the fact that there are perhaps more accounts with /bin/sh as the shell then there should be.
BTW whatever happened to your proposal to move the qmail uids to the 60000+ range? was it just too risky for breakage of existing systems? not to start another bout of flamage over the issue but I just personally find it mildly annoying to have so many system accounts which serve no purpose for my configuration. (I know i could technically remove them but 1) it would be alot of trouble 2) they will eventually get put back next time base-passwd gets updated 3) it would add more inconsistency between multiple debian boxes)
-- Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/