[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /etc/passwd->shell

Hash: SHA1

>>>>> "Ivan" == \"Ivan R \" <Ivan> writes:

Ivan> hi all!  i want a password file without hole.

Ivan> so i have now in /etc/passwd:

Ivan> root with /bin/bash
Ivan> daemon, bin and sys with /bin/sh
Ivan> sync with /bin/sync
Ivan> normal users with /bin/bash
Ivan> ftp users with /bin/noshell

Anything that is not a real user can have its shell set to /bin/false.
In fact, depending on how your system is set up, you could probably even
set root's shell to /bin/false.  Just make sure that you have some way
of doing stuff as root (e.g. sudo), and that you don't kill single
mode.  (Never tried this, but I don't see why you couldn't do this.)

So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
set to /bin/false.  (Why does Debian not do this by default?)

I don't know what the sync user is for, though, so I don't know if you
can set it to /bin/false.  /bin/sync looks like it was put there for a

- -- 
Hubert Chan <hackerhue@geek.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


Reply to: