Re: noboby with a shell !!
On Wed, Mar 26, 2003 at 11:35:38AM +0100, Yoann wrote:
Hi,
> I look at in the file /etc/passwd on my server today, and I saw the user
> nobody has a shell !!. When I installed my debian (sarge, I know it's
> bad, but it's just a server for me...) I put /bin/false. A few days ago,
> while an upgrade, apt asked to me to upgrade that file to the new
> version and answer yes, so I think it come from that action, but it
> could be unsecure to put /bin/sh for nobody ?
Well yes it could :) As long as the user has no valid password it's not very
usefull. Take a look into the /etc/shadow and in the second field you'll find
! or * indicating that this user has a invalid password. See man 5 shadow.
> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
> ^^^^^^^^
> I change to :
>
> nobody:x:65534:65534:nobody:/dev/null:/bin/false
This might be bad cause AFAIK a few cronjobs change from their root uid to
nobody via the su command. See your /var/log/syslog maybe you'll now get
some errors from cron jobs at night.
Sven
--
It really sucks to give your heart to a girl
You want to know her like she knows the whole world
But 10 seconds in, it's obvious, your going nowhere...
[Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock]
Reply to: