Re: Adding /bin/false to /etc/shells

To: "L.W. van Braam van Vloten" <lucas2@dds.nl>
Cc: debian-user@lists.debian.org
Subject: Re: Adding /bin/false to /etc/shells
From: Scott Gifford <sgifford@suspectclass.com>
Date: Mon, 18 Dec 2006 15:36:13 -0500
Message-id: <[🔎] ly1wmx2b7m.fsf@gfn.org>
In-reply-to: <[🔎] 20061218154926.wpmrskdxt64kggsw@webmail.dds.nl> (L. W. van Braam van Vloten's message of "Mon, 18 Dec 2006 15:49:26 +0100")
References: <[🔎] 20061218154926.wpmrskdxt64kggsw@webmail.dds.nl>

"L.W. van Braam van Vloten" <lucas2@dds.nl> writes:

> Hello group,
>
> Is there any objection against adding /bin/false to the file
> /etc/shells? Most notably, are there any security considerations?

It's common to use /bin/false for users who can't log in, and that
usually includes blocking access to FTP, so it might be a surprise to
a future admin who adds a user with a shell of /bin/false to find that
this user can actually log in to FTP.

A common technique which is probably better is to set the shell to
something like "/bin/ftponly", and either make that a symlink to
/bin/false or else just leave it nonexistent.  Nobody will be
surprised that a user with a shell of "/bin/ftponly" can log in to
FTP, and the user still won't be able to log in to a shell.

----Scott.

Reply to:

References:
- Adding /bin/false to /etc/shells
  - From: "L.W. van Braam van Vloten" <lucas2@dds.nl>

Prev by Date: Re: if I were a newbie how would I get sound?
Next by Date: Re: What is the best way to install Samba
Previous by thread: Re: Adding /bin/false to /etc/shells
Next by thread: Re: Adding /bin/false to /etc/shells
Index(es):
- Date
- Thread