Re: Why do system users have valid shells

To: debian-security@lists.debian.org
Subject: Re: Why do system users have valid shells
From: Bernd Eckenfels <ecki@calista.eckenfels.6bone.ka-ip.net>
Date: Wed, 22 Oct 2003 19:22:55 +0200
Message-id: <[🔎] E1ACMhD-0002Ef-00@calista.inka.de>
In-reply-to: <[🔎] 1843.216.196.203.220.1066819179.squirrel@www.iegrec.org>

In article <[🔎] 1843.216.196.203.220.1066819179.squirrel@www.iegrec.org> you wrote:
> Out of curiosity, what security benefit does a shell of /bin/false grant,
> that say, an encrypted password of "NOLOGIN" (or equivalently "*") does not
> grant?

Two things, first it is more obvious from reading the password file (and
therefore also avoids someone sneakyly enable those accounts (would you
notice?)) and secondly some other programs like ftp treat accounts with
shells which are in /etc/shells better than others.

And again it is a matter of "not granting priveledges where not needed".

Greetings
Bernd

Reply to:

Follow-Ups:
- Re: Why do system users have valid shells
  - From: "Joe Moore" <joemoore@iegrec.org>

References:
- Re: Why do system users have valid shells
  - From: "Joe Moore" <joemoore@iegrec.org>

Prev by Date: Re: Why do system users have valid shells
Next by Date: Re: Why do system users have valid shells
Previous by thread: Re: Why do system users have non-empty $HOME? (was Re: Why do system users have valid shells)
Next by thread: Re: Why do system users have valid shells
Index(es):
- Date
- Thread