Re: Completely locking out a user
On Fri, Feb 03, 2023 at 04:27:06PM +0100, Nicolas George wrote:
> - crontabs or atjobs that download instructions from the web;
>
> - .procmailrc or “|something” in .forward;
>
> - probably one or two mechanisms I forgot about.

systemd --user units and timers.

Any process currently running under that user's UID.

Any files owned by that user's UID which have the setuid bit set
(land mines).

> When there is a suspicious access to a user account, we want to lock
> this account until we made sure. So “:-:” in /etc/shadow and shell to
> /bin/false, and “sudo -u user kill -9 -1”.

I don't know whether that disables ssh logins that use key auth instead
of password auth.
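
The mechanisms named in this thread, gathered into one read-only inventory script. This is an added example, not part of either poster's message. It assumes Debian's spool paths (/var/spool/cron/crontabs and /var/spool/cron/atjobs), and the function names audit_user and tag are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only inventory of the footholds
# listed above for one account. Prints "kind<TAB>path" lines, changes nothing.
# Usage: audit_user USER HOME [ROOT]
#   ROOT is a prefix such as a mounted disk image; empty means the live system.
# Assumption: Debian spool layout (/var/spool/cron/crontabs, /var/spool/cron/atjobs).

tag() {  # prefix every line read from stdin with a finding kind
    while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done
}

audit_user() {
    user=$1 home=$2 root=${3:-}

    # Mail-delivery hooks, plus the key file relevant to the ssh key-auth question.
    for f in .forward .procmailrc .ssh/authorized_keys; do
        if [ -e "$home/$f" ]; then echo "$home/$f" | tag file; fi
    done

    # systemd --user units and timers kept in the account's own config directory.
    if [ -d "$home/.config/systemd/user" ]; then
        find "$home/.config/systemd/user" \( -name '*.service' -o -name '*.timer' \) \
            | tag systemd-user
    fi

    # Personal crontab and queued at jobs (root is needed to read the spools).
    if [ -e "$root/var/spool/cron/crontabs/$user" ]; then
        echo "$root/var/spool/cron/crontabs/$user" | tag crontab
    fi
    if [ -d "$root/var/spool/cron/atjobs" ]; then
        find "$root/var/spool/cron/atjobs" -type f -user "$user" | tag atjob
    fi

    # Setuid files owned by the account; -xdev stays on one filesystem,
    # so run it again for every other mounted filesystem.
    find "${root:-/}" -xdev -type f -user "$user" -perm -4000 2>/dev/null | tag setuid

    # Processes still running under the account; only meaningful on the live system.
    if [ -z "$root" ]; then
        ps -u "$user" -o pid= -o args= | tag process
    fi
    return 0
}
```

Run it as root, for example `audit_user alice /home/alice`, and review every line it prints before unlocking the account.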