Re: System users and valid shells...
On 8 May 2006, Marc Haber outgrape:
> On Fri, 05 May 2006 11:12:35 +0300, Jari Aalto <jari.aalto@cante.net> wrote:
>> Richard A Nelson <cowboy@debian.org> writes:
>>> On Wed, 3 May 2006, Colin Watson wrote:
>>> The rest of the system accounts are happily running with
>>> /bin/false
>>
>> There is now /bin/nologin which is more secure
>
> You can surely explain why /bin/nologin is more secure than
> /bin/false. I'm eager to learn.
Since /bin/nologin is used in very specific circumstances, I
can create far tighter security policy and auditing rules for use
with /bin/nologin. /bin/false is used legitimately in scripts, so the
audit trail is diffused, and /dev/null can't be restricted/audited to
the same extent that either /bin/false or /bin/nologin can.
manoj
--
"The only difference between me and a madman is that I'm not mad."
Salvador Dali
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
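
The audit-trail argument in the reply above, as an added example that is not part of the original message: a rule of the form "any execution of this binary is an alert" is applied to /bin/false and to /bin/nologin. The passwd entries, the simplified event tuples and the function names are all constructed for illustration.

```python
# Added illustration of the audit-trail argument; all data below is constructed.
DISABLED = ("/bin/false", "/bin/nologin")

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
mail:x:8:8:mail:/var/mail:/bin/nologin
www-data:x:33:33:www-data:/var/www:/bin/nologin
backup:x:34:34:backup:/var/backups:/bin/false
"""

# Simplified exec records: (executable, uid, was_login_attempt).
# The third field is ground truth we only know because the data is made up;
# a real audit record for an exec of /bin/false does not carry it.
EVENTS = [
    ("/bin/false", 1000, False),   # user script calling /bin/false explicitly
    ("/bin/false", 0, False),      # cron job using false as a no-op failure
    ("/bin/false", 1, True),       # login attempt on the daemon account
    ("/bin/false", 0, False),      # package maintainer script
    ("/bin/nologin", 8, True),     # login attempt on the mail account
    ("/bin/nologin", 33, True),    # login attempt on the www-data account
]


def accounts_by_disabled_shell(passwd_text):
    """Map each 'no login' shell to the accounts in passwd(5) text that use it."""
    result = {shell: [] for shell in DISABLED}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] in result:
            result[fields[6]].append(fields[0])
    return result


def rule_outcome(events, executable):
    """Apply the rule 'any exec of <executable> is an alert'.

    Returns (alerts_raised, alerts_that_were_real_login_attempts).
    """
    hits = [e for e in events if e[0] == executable]
    return len(hits), sum(1 for e in hits if e[2])


if __name__ == "__main__":
    for shell, users in accounts_by_disabled_shell(PASSWD).items():
        raised, real = rule_outcome(EVENTS, shell)
        print(f"{shell}: accounts={users} alerts={raised} real_logins={real}")
```

On this sample the /bin/false rule raises four alerts of which one is a login attempt, while every /bin/nologin alert is one.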