Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells

To: Brian Clark <brian+nevdull@unwell.org>
Cc: 419132@bugs.debian.org
Subject: Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
From: Russ Allbery <rra@debian.org>
Date: Fri, 13 Apr 2007 18:19:35 -0700
Message-id: <[🔎] 87abxbiwgo.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 419132@bugs.debian.org
In-reply-to: <[🔎] 20070414004756.GK19588@machismo> (Brian Clark's message of "Fri, 13 Apr 2007 20:47:56 -0400")
References: <[🔎] 20070413202006.16423.42132.reportbug@helios.unwell.org> <[🔎] 87k5wfga0d.fsf@windlord.stanford.edu> <[🔎] 20070414004756.GK19588@machismo>

Brian Clark <brian+nevdull@unwell.org> writes:

> Should the Debian package of openssh have user sshd use /bin/false
> instead? The man pages seem to indicate that /usr/sbin/nologin and
> /bin/false provide the same function.

/usr/sbin/nologin is supposed to be a more secure way of doing the same
thing.  There was a long discussion about this a while back, and I think
the conclusion was that /usr/sbin/nologin was better than /bin/false for
this purpose.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
  - From: Brian Clark <bjclark@helios.unwell.org>
- Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
  - From: Russ Allbery <rra@debian.org>
- Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
  - From: Brian Clark <brian+nevdull@unwell.org>

Prev by Date: Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
Next by Date: Bug#419260: openssh-server: [INTL-nl] spelling errors
Previous by thread: Bug#419132: ssh: /usr/sbin/nologin used for shell, not present in /etc/shells
Next by thread: Bug#419260: openssh-server: [INTL-nl] spelling errors
Index(es):
- Date
- Thread