[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System users and valid shells...

On Wed, 3 May 2006, Colin Watson wrote:

On Wed, May 03, 2006 at 02:45:56AM +0200, Uwe Hermann wrote:
this may be a dumb question, but I really wonder if there's a policy
(which I obviously haven't found) about which system users should get
a valid shell and which shouldn't.

Yeah, I had the same thoughts when I first installed tiger

This is bug #330882, and is basically because I'm exceptionally
conservative when it comes to base-passwd and it's rather hard to tell
whether anything in Debian might be relying on any of those users having
a valid shell.

I worried about that as well

I'm willing to change these, but I'd like to do it on a case-by-case
basis after scanning the archive for potential problems. At the moment
I'm not even sure how to begin that scan ...

As as a small datapoint, I took 4 machines I could play with and just
fixed all the IDs tiger bitched about - and waited for the fallout.

The results so far (several months later):
	* fetchmail needs a shell (likely because of my pam.d & auth)
	* news needs a shell to do any maintenance
	* uucp needs a shell

The rest of the system accounts are happily running with /bin/false

I'm sure a few more folk could do likewise, and with some tracking,
this should be fairly easy to nail down...  With more testers, the
faster we'd find the few exceptions.
Rick Nelson
"By golly, I'm beginning to think Linux really *is* the best thing since
sliced bread."
(By Vance Petree, Virginia Power)

Reply to: