
Re: System users and valid shells...

On 8 May 2006, Marc Haber outgrape:

> On Fri, 05 May 2006 11:12:35 +0300, Jari Aalto <jari.aalto@cante.net> wrote:
>> Richard A Nelson <cowboy@debian.org> writes:
>>> On Wed, 3 May 2006, Colin Watson wrote:
>>> The rest of the system accounts are happily running with
>>> /bin/false
>> There is now /bin/nologin which is more secure
> You can surely explain why /bin/nologin is more secure than
> /bin/false. I'm eager to learn.

        Since /bin/nologin is used in very specific circumstances, I
 can create far tighter security policy and auditing rules for use
 with /bin/nologin. /bin/false is used legitimately in scripts, so the
 audit trail is diffused, and /dev/null can't be restricted/audited to
 the same extent that either /bin/false or /bin/nologin can.

"The only difference between me and a madman is that I'm not mad."
Salvador Dali
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
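
The auditing argument in the message above, as an added example that is not part of the original thread: it triages exec events for the two shells by the program that started them. The audit records are constructed and abbreviated, and the watch keys, the parent exec logging and the LOGIN_PARENTS set are assumptions.

```python
import re
from collections import defaultdict

# Constructed, abbreviated auditd SYSCALL records (not from the thread).
# Assumed rules: exec watches keyed "shell-nologin" and "shell-false", e.g.
#   auditctl -w /bin/nologin -p x -k shell-nologin
#   auditctl -w /bin/false   -p x -k shell-false
# plus exec logging (key "exec") for parents so ppid can be resolved.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1147075200.101:409): syscall=59 ppid=1 pid=2201 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="exec"
type=SYSCALL msg=audit(1147075201.220:410): syscall=59 ppid=2201 pid=2202 uid=33 comm="nologin" exe="/bin/nologin" key="shell-nologin"
type=SYSCALL msg=audit(1147075300.010:411): syscall=59 ppid=900 pid=3100 uid=0 comm="backup.sh" exe="/bin/sh" key="exec"
type=SYSCALL msg=audit(1147075300.450:412): syscall=59 ppid=3100 pid=3101 uid=0 comm="false" exe="/bin/false" key="shell-false"
type=SYSCALL msg=audit(1147075400.000:413): syscall=59 ppid=1 pid=4000 uid=0 comm="login" exe="/bin/login" key="exec"
type=SYSCALL msg=audit(1147075401.300:414): syscall=59 ppid=4000 pid=4001 uid=13 comm="false" exe="/bin/false" key="shell-false"
type=SYSCALL msg=audit(1147075500.700:415): syscall=59 ppid=4000 pid=4002 uid=38 comm="nologin" exe="/bin/nologin" key="shell-nologin"
'''

LOGIN_PARENTS = {"sshd", "login", "su"}  # assumed set of login entry points
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def triage(log):
    """Per watch key, count execs started by a login program vs. anything else."""
    records = [parse(l) for l in log.splitlines() if l.startswith("type=SYSCALL")]
    # Resolve ppid -> parent command name (pid reuse is ignored in this sample).
    comm_by_pid = {r["pid"]: r["comm"] for r in records}
    result = defaultdict(lambda: {"login": 0, "other": 0})
    for r in records:
        if r.get("key", "").startswith("shell-"):
            parent = comm_by_pid.get(r["ppid"], "unknown")
            bucket = "login" if parent in LOGIN_PARENTS else "other"
            result[r["key"]][bucket] += 1
    return dict(result)


if __name__ == "__main__":
    for key, counts in triage(SAMPLE_LOG).items():
        print(key, counts)
```

On this sample every /bin/nologin event traces back to a login program, while the /bin/false events mix a login attempt with ordinary script use.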
