
Re: noboby with a shell !!



On Wed, Mar 26, 2003 at 11:35:38AM +0100, Yoann wrote:

Hi,

> I looked in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell!! When I installed my Debian (sarge, I know it's
> bad, but it's just a server for me...) I put /bin/false. A few days ago,
> during an upgrade, apt asked me to upgrade that file to the new
> version and I answered yes, so I think it comes from that action, but
> could it be insecure to put /bin/sh for nobody?

Well yes it could :) As long as the user has no valid password it's not very
useful. Take a look into /etc/shadow and in the second field you'll find
! or * indicating that this user has an invalid password. See man 5 shadow.
 
> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
>                                          ^^^^^^^^
> I change to :
> 
> nobody:x:65534:65534:nobody:/dev/null:/bin/false

This might be bad because AFAIK a few cron jobs change from their root uid to
nobody via the su command. See your /var/log/syslog; maybe you'll now get
some errors from cron jobs at night.

Sven

-- 
It really sucks to give your heart to a girl
You want to know her like she knows the whole world
But 10 seconds in, it's obvious, your going nowhere...
[Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock]
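
The two checks discussed in this thread (the login shell in /etc/passwd and the `!` or `*` marker in the second field of /etc/shadow), combined as an added example that is not part of the original message. The sample entries, the verdict labels and the list of non-login shells are constructed for illustration.

```python
# Added example: the sample entries below are constructed, not from a real host.
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
backup:x:34:34:backup:/var/backups:
"""

SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:12137:0:99999:7:::
nobody:*:12137:0:99999:7:::
daemon:!:12137:0:99999:7:::
backup::12137:0:99999:7:::
"""

def password_state(field):
    """Classify the second field of a shadow(5) entry."""
    if field is None:
        return "no-shadow-entry"
    if field == "":
        return "empty"           # no password is required at all
    if field[0] in "!*":
        return "locked"          # can never match a crypt(3) result
    return "set"

def audit(passwd_text, shadow_text):
    """Return {user: (shell, password_state, verdict)} for each passwd entry."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    report = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue             # skip blank or malformed lines
        user, shell = parts[0], parts[6] or "/bin/sh"  # empty shell means /bin/sh
        state = password_state(shadow.get(user))
        if shell in NOLOGIN_SHELLS:
            verdict = "no-shell"  # su runs this shell, so 'su user -c cmd' will not run cmd
        elif state == "locked":
            verdict = "shell-password-locked"
        else:
            verdict = "shell-login-not-blocked"
        report[user] = (shell, state, verdict)
    return report

if __name__ == "__main__":
    for user, row in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(user, *row)
```
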


