Re: The 'users' gid: sync, games, and man
On Tue, 11 Feb 2003 11:17, Colin Watson wrote:
> +games:*:5:60:games:/usr/games:/bin/sh
> +man:*:6:12:man:/var/cache/man:/bin/sh
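Review bot: the shell field on both added lines is /bin/sh, so games and man get a working shell even though the password field is `*`. If nothing is expected to log in to these accounts, set the last field to /bin/false. It is also worth confirming that gids 60 and 12 have matching entries in the group file, which the quoted lines do not show.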
That is good apart from one thing. I don't think that there is any good
reason for giving a login shell for "games" or "man". No-one should ever
log in to those accounts in a normal setup and therefore the default shell
should be /bin/false.
There have been a number of security holes that would work if you give such
accounts a shell of /bin/sh but which would not work if the shell was
/bin/false.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
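
An added example, not part of the original message: a small passwd audit that flags system accounts still carrying a login shell, which is the condition the reply objects to. The uid cutoff, the set of non-login shells, the root exception and every sample line after the first two are assumptions made for this example.

```python
from typing import Iterator, NamedTuple

# Assumptions for this example, not taken from the thread:
NON_LOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}
SYSTEM_UID_MAX = 99          # treat uids 0-99 as system accounts
KEEP_SHELL = {"root"}        # accounts expected to keep a real shell

class Entry(NamedTuple):
    name: str
    password: str
    uid: int
    gid: int
    shell: str

def parse_passwd(text: str) -> Iterator[Entry]:
    """Yield one Entry per passwd(5) line; reject malformed lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, password, uid, gid, _gecos, _home, shell = fields
        # An empty shell field means /bin/sh, so it counts as a login shell.
        yield Entry(name, password, int(uid), int(gid), shell or "/bin/sh")

def audit(text: str) -> list[tuple[str, int, str]]:
    """Return (name, uid, shell) for system accounts that still have a login shell."""
    return [
        (e.name, e.uid, e.shell)
        for e in parse_passwd(text)
        if e.uid <= SYSTEM_UID_MAX
        and e.name not in KEEP_SHELL
        and e.shell not in NON_LOGIN_SHELLS
    ]

# First two lines are the entries quoted in the message; the rest are constructed.
SAMPLE = """\
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/sh
root:*:0:0:root:/root:/bin/sh
exampled:*:50:50:constructed daemon:/nonexistent:/bin/false
noshell:*:51:51:constructed, empty shell field:/nonexistent:
alice:*:1000:1000:constructed user:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for name, uid, shell in audit(SAMPLE):
        print(f"{name} (uid {uid}): login shell {shell}, consider /bin/false")
```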