Re: Why do system users have valid shells

[Dale Amon <amon@vnl.com>]

On Wed, Oct 22, 2003 at 02:02:25PM -0400, Joe Moore wrote:
> The similarities:
> ------------------------------
> ro /usr:
> Blocks certain types of automated trojan horse/virus attacks
> Can't stop an intruder that can run "mount -o remount,rw /usr" as root
> Can be worked around for short tasks by the admin (mount rw temporarily)
> 
> system account shell of /bin/false:
> Blocks certain types of bugs in authentication programs
> Can't stop an intruder that can run "chsh" for a system account (either root
> or the system account itself)
> Can be worked around for short tasks by the admin (chsh temporarily)
 
And the biggest similarity is the way to ask the question from a 
least privilege viewpoint:

Is there a reason to add a an executable shell to a non-user account?

Note that this is a different question from:

Why should I bother changing the existing /bin/sh on non-user accounts.

That is the approach to security of removing things you think are worth
removing; least privilege means starting out with no privileges for anyone
or anything to do anything and then adding "just enough" to carry out
the required task.

It's the difference between writing a firewall in which you leave 
everything open by default and add rules to disallow specific things
and the approach in which you being by disabling all access and then
adding in allow's for the things you are actually using.