Re: /etc/passwd->shell
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Ivan" == \"Ivan R \" <Ivan> writes:
Ivan> hi all! i want a password file without hole.
Ivan> so i have now in /etc/passwd:
Ivan> root with /bin/bash
Ivan> daemon, bin and sys with /bin/sh
Ivan> sync with /bin/sync
Ivan> normal users with /bin/bash
Ivan> ftp users with /bin/noshell
Anything that is not a real user can have its shell set to /bin/false.
In fact, depending on how your system is set up, you could probably even
set root's shell to /bin/false. Just make sure that you have some way
of doing stuff as root (e.g. sudo), and that you don't kill single
mode. (Never tried this, but I don't see why you couldn't do this.)
So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
set to /bin/false. (Why does Debian not do this by default?)
I don't know what the sync user is for, though, so I don't know if you
can set it to /bin/false. /bin/sync looks like it was put there for a
reason.
- --
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8P6bKZRhU33H9o38RArsIAKCY+idTjmRqnLlZK60R586wjpxtnwCgwnL+
FJUq6Y7683pJX1Fkz4oEauQ=
=g3hk
-----END PGP SIGNATURE-----
Reply to: