Re: /etc/passwd->shell

To: Hubert Chan <hackerhue@geek.com>
Cc: debian-security@lists.debian.org
Subject: Re: /etc/passwd->shell
From: "\"Ivan R.\"" <ivan.rambeau@franceonline.fr>
Date: Mon, 14 Jan 2002 06:40:35 -0500 (EST)
Message-id: <[🔎] 1011008435.3c42c3b3803dd@mail.franceonline.fr>
In-reply-to: <[🔎] 87g05c5l4f.fsf@hackerhue.ddts.net>
References: <[🔎] 1010964533.3c421835c70b0@mail.franceonline.fr> <[🔎] 87g05c5l4f.fsf@hackerhue.ddts.net>

En réponse à Hubert Chan <hackerhue@geek.com>:

> Anything that is not a real user can have its shell set to /bin/false.
> In fact, depending on how your system is set up, you could probably
> even
> set root's shell to /bin/false.

ok

> Just make sure that you have some way
> of doing stuff as root (e.g. sudo),
> and that you don't kill single
> mode.  (Never tried this, but I don't see why you couldn't do this.)

ok for sudo, but what do you mean by "don t kill single mode"?

> So daemon, bin, sys, ftp, www-data, mail, mysql, etc. can probably be
> set to /bin/false.  (Why does Debian not do this by default?)

i just tried to put /bin/false in /etc/passwd for ftp, www-data, mysql, man
and that s ok. i ll try to do so for daemon, bin and sys at home
(i prefer than to do this at work :p)
 
> I don't know what the sync user is for, though, so I don't know if you
> can set it to /bin/false.  /bin/sync looks like it was put there for a
> reason.

yes, you re right too. sync is called by updated to flush the filesystem buffers
every 30 seconds.

i ll tell you what about daemon, bin and sys soon.

thanks for all ;D

-----
Ivan R.
sysadmin

Reply to:

Follow-Ups:
- Re: /etc/passwd->shell
  - From: Hubert Chan <hackerhue@geek.com>

References:
- /etc/passwd->shell
  - From: "\"Ivan R.\"" <ivan.rambeau@franceonline.fr>
- Re: /etc/passwd->shell
  - From: Hubert Chan <hackerhue@geek.com>

Prev by Date: Re: Socks & Squid?
Next by Date: Re: [d-security] Re: /etc/passwd->shell
Previous by thread: Re: /etc/passwd->shell
Next by thread: Re: /etc/passwd->shell
Index(es):
- Date
- Thread