Date: Sat, 23 May 1998 15:47:50 -0700 From: Mike Smith <mike@smith.net.au> To: Are Bryne <are.bryne@communique.no> Cc: Mike Smith <mike@smith.net.au>, freebsd-security@FreeBSD.ORG Subject: Re: SKey and locked account Message-ID: <199805232247.PAA02689@antipodes.cdrom.com> In-Reply-To: Your message of "Sun, 24 May 1998 01:50:39 %2B0200." <Pine.BSF.3.96.980524014139.2969A-100000@rune.communique.no>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, 23 May 1998, Mike Smith wrote: > > > No, they don't. Administrative accounts disallow normal logins. > > Having an invalid shell would prevent non-normal logins. > > I am not sure I understand you here... An administrative account eg. 'news' may still require a valid shell, even though you may not wish to allow someone to login as 'news'. > > Having an invalid shell would prevent non-normal logins. > > > > It would (perhaps) be worthwhile adding some verbiage to the > > description of the shell field to make it clearer that setting it to > > refer to /sbin/nologin is the preferred technique for preventing a user > > having any access to the system. The current text assumes that the > > reader already possesses this knowledge. > > Then perhaps the default /nonexistent 'shell' for various password file > entries should be changed also? It would probably make sense to have /sbin/nologin the default shell for those accounts, yes. Want to file a PR? -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805232247.PAA02689>