Re: Why do system users have valid shells

To: Russell Coker <russell@coker.com.au>
Cc: Tobias Reckhard <jester71@gmx.net>, debian-security@lists.debian.org
Subject: Re: Why do system users have valid shells
From: Dale Amon <amon@vnl.com>
Date: Wed, 22 Oct 2003 11:23:22 +0100
Message-id: <[🔎] 20031022102322.GH27661@vnl.com>
In-reply-to: <[🔎] 200310221913.33478.russell@coker.com.au>
References: <[🔎] 3F963594.9030905@gmx.net> <[🔎] 20031022075310.GA18436@forumakad.pl> <[🔎] 3F9644E9.6020100@gmx.net> <[🔎] 200310221913.33478.russell@coker.com.au>

On Wed, Oct 22, 2003 at 07:13:33PM +1000, Russell Coker wrote:
> Having a valid shell all the time because it might be needed at some time is 
> not a good idea.
> 
> I recall that there was a bug in pam in unstable at one time that would allow 
> logging in to those accounts.  Setting the shells to /bin/false would have 
> prevented that bug from being a problem.

This has been around the debsec bush several times, but I'll toss
my 2p in again anyway.

I've run many servers and firewalls with all non-user account shells 
set to /bin/false, including in busy web and db servers, and have 
never seen any problems whatever.

Whatever it is that breaks, it ain't important enough to worry
about.

Reply to:

References:
- Why do system users have valid shells
  - From: Tobias Reckhard <jester71@gmx.net>
- Re: Why do system users have valid shells
  - From: Dariush Pietrzak <eyck@forumakad.pl>
- Re: Why do system users have valid shells
  - From: Tobias Reckhard <jester71@gmx.net>
- Re: Why do system users have valid shells
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Why do system users have valid shells
Next by Date: Re: Why do system users have valid shells
Previous by thread: Re: Why do system users have valid shells
Next by thread: unsubscribe
Index(es):
- Date
- Thread