[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New to debian -- question about shells & unused accounts

On Tue, Jul 28, 1998 at 11:39:38AM -0500, Adam Keys wrote:
> On Tue, Jul 28, 1998 at 01:33:29AM -0700, Chris Ulrich wrote:
> >   I recently got tired of taking care of my own installation of linux
> > and decided to install debian.  So far, I've been pretty happy with it.
> > 
> >   I'm sure I'll have more questions later, but I've got some questions
> > right now.
> > 
> > 1: Is it necessary to have all the dead accounts that come in the 
> > distribution password have /bin/sh as the shell?  Some, like nobody
> > and the qmail daemons, aren't suppose to have a real shell, because
> > people aren't suppose to be able to log in with those IDs.  Ever. I
> > changed my password file, but it seems odd that they would be there
> > in the first place.
> What I do for accounts whose login should not be allowed is make the shell
> /dev/null.  Their connection will be dropped as soon as login exits.
> Alternatively, you could write a shell script that says "Go away", etc. and
> then exec's /dev/null or just exits.

Actually...While this owrks...it is not the "Standard" way that
I have seen. It seems nmore common to make the shell
This is an executable (/dev/null is not and gives a permission denied error)
and is an executable which just exits (retuyrning a value nonetheless but
still just exiting)..or form the man page:
---man false---
FALSE(1)                                                 FALSE(1)

       false - do nothing, unsuccessfully

       false {--help,--version}
this is wrong for debina tho...I just tried it...neither option works
of course...you could make their login shell /usr/bin/yes (or a wrapper that
runs /usr/bin/yes "Go AWAY!"


/* -- Stephen Carpenter <sjc@delphi.com> --- <sjc@debian.org>------------ */
E-mail "Bumper Stickers":
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"

Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null

Reply to: