Re: New to debian -- question about shells & unused accounts
On Tue, Jul 28, 1998 at 11:39:38AM -0500, Adam Keys wrote:
> On Tue, Jul 28, 1998 at 01:33:29AM -0700, Chris Ulrich wrote:
> > I recently got tired of taking care of my own installation of linux
> > and decided to install debian. So far, I've been pretty happy with it.
> >
> > I'm sure I'll have more questions later, but I've got some questions
> > right now.
> >
> > 1: Is it necessary to have all the dead accounts that come in the
> > distribution password have /bin/sh as the shell? Some, like nobody
> > and the qmail daemons, aren't suppose to have a real shell, because
> > people aren't suppose to be able to log in with those IDs. Ever. I
> > changed my password file, but it seems odd that they would be there
> > in the first place.
>
> What I do for accounts whose login should not be allowed is make the shell
> /dev/null. Their connection will be dropped as soon as login exits.
> Alternatively, you could write a shell script that says "Go away", etc. and
> then exec's /dev/null or just exits.
Actually...While this owrks...it is not the "Standard" way that
I have seen. It seems nmore common to make the shell
/bin/false
This is an executable (/dev/null is not and gives a permission denied error)
and is an executable which just exits (retuyrning a value nonetheless but
still just exiting)..or form the man page:
---man false---
FALSE(1) FALSE(1)
NAME
false - do nothing, unsuccessfully
SYNOPSIS
false
false {--help,--version}
---done---
this is wrong for debina tho...I just tried it...neither option works
of course...you could make their login shell /usr/bin/yes (or a wrapper that
runs /usr/bin/yes "Go AWAY!"
-STeve
--
/* -- Stephen Carpenter <sjc@delphi.com> --- <sjc@debian.org>------------ */
E-mail "Bumper Stickers":
"A FREE America or a Drug-Free America: You can't have both!"
"honk if you Love Linux"
--
Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
Reply to: