
Re: Completely locking out a user



On Fri, Feb 03, 2023 at 04:27:06PM +0100, Nicolas George wrote:
> - crontabs or atjobs that download instructions from the web;
> 
> - .procmailrc or “|something” in .forward;
> 
> - probably one or two mechanisms I forgot about.

systemd --user units and timers.

Any process currently running under that user's UID.

Any files owned by that user's UID which have the setuid bit set
(land mines).

> When there is a suspicious access to a user account, we want to lock
> this account until we made sure. So “:-:” in /etc/shadow and shell to
> /bin/false, and “sudo -u user kill -9 -1”.

I don't know whether that disables ssh logins that use key auth instead
of password auth.
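
As an added example (not written by anyone in this thread), here is a read-only shell inventory of the mechanisms named in this message and in the one it quotes. The spool paths are Debian defaults, and `audit_persistence`, its helpers and its argument order are names assumed here.

```shell
#!/bin/sh
# Added example: read-only inventory of one account's persistence points.
# Paths are Debian defaults (assumption); audit_persistence is a name made up here.
# Usage: audit_persistence ROOT NAME UID HOME
#   ROOT is "/" on a live system, or a mounted image / constructed test tree.
audit_persistence() {
    root=${1%/}; name=$2; uid=$3; home=$4
    # Print "kind<TAB>path" if the path exists.
    report() { [ -e "$2" ] && printf '%s\t%s\n' "$1" "$2"; return 0; }
    # Label every path arriving on stdin.
    each() { while IFS= read -r p; do report "$1" "$p"; done; }

    # Scheduled jobs: the personal crontab and at jobs owned by the UID.
    report crontab "$root/var/spool/cron/crontabs/$name"
    find "$root/var/spool/cron/atjobs" -type f -user "$uid" 2>/dev/null | each atjob

    # Mail-triggered execution.
    report forward "$root$home/.forward"
    report procmailrc "$root$home/.procmailrc"

    # systemd --user units and timers kept in the home directory.
    find "$root$home/.config/systemd/user" \
        \( -name '*.service' -o -name '*.timer' \) 2>/dev/null | each systemd-user

    # Keys that would allow ssh key auth for this account.
    report ssh-authorized-keys "$root$home/.ssh/authorized_keys"

    # Setuid files owned by the UID ("land mines"), on this filesystem only.
    find "${root:-/}" -xdev -type f -user "$uid" -perm -4000 2>/dev/null | each setuid

    # Processes still running under the UID; only meaningful on the live system.
    if [ -z "$root" ] && command -v ps >/dev/null 2>&1; then
        ps -o pid=,args= -u "$uid" |
            while IFS= read -r l; do printf 'process\t%s\n' "$l"; done
    fi
}
```

The function only lists what it finds and changes nothing; on a live system it needs root to read the cron and at spools.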

