Re: System users and valid shells...
On Wed, 3 May 2006, Colin Watson wrote:
On Wed, May 03, 2006 at 02:45:56AM +0200, Uwe Hermann wrote:
this may be a dumb question, but I really wonder if there's a policy
(which I obviously haven't found) about which system users should get
a valid shell and which shouldn't.
Yeah, I had the same thoughts when I first installed tiger
This is bug #330882, and is basically because I'm exceptionally
conservative when it comes to base-passwd and it's rather hard to tell
whether anything in Debian might be relying on any of those users having
a valid shell.
I worried about that as well
I'm willing to change these, but I'd like to do it on a case-by-case
basis after scanning the archive for potential problems. At the moment
I'm not even sure how to begin that scan ...
As as a small datapoint, I took 4 machines I could play with and just
fixed all the IDs tiger bitched about - and waited for the fallout.
The results so far (several months later):
* fetchmail needs a shell (likely because of my pam.d & auth)
* news needs a shell to do any maintenance
* uucp needs a shell
The rest of the system accounts are happily running with /bin/false
I'm sure a few more folk could do likewise, and with some tracking,
this should be fairly easy to nail down... With more testers, the
faster we'd find the few exceptions.
--
Rick Nelson
"By golly, I'm beginning to think Linux really *is* the best thing since
sliced bread."
(By Vance Petree, Virginia Power)
Reply to: