From owner-freebsd-security  Mon Aug 13 10:34:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gnjilux.srk.fer.hr (gnjilux.srk.fer.hr [161.53.70.141])
	by hub.freebsd.org (Postfix) with ESMTP id 474C637B405
	for <freebsd-security@freebsd.org>; Mon, 13 Aug 2001 10:34:39 -0700 (PDT)
	(envelope-from ike@gnjilux.srk.fer.hr)
Received: from gnjilux.srk.fer.hr (ike@localhost [127.0.0.1])
        by localhost (8.12.0.Beta16/8.12.0.Beta16/Debian 8.12.0.Beta16) with ESMTP id f7DHYT5J005797
        for <freebsd-security@freebsd.org>; Mon, 13 Aug 2001 19:34:29 +0200
Received: (from ike@localhost)
        by gnjilux.srk.fer.hr (8.12.0.Beta16/8.12.0.Beta16/Debian 8.12.0.Beta16) id f7DHYTqt005794
        for freebsd-security@freebsd.org; Mon, 13 Aug 2001 19:34:29 +0200
From: Ivan Krstic <ike@gnjilux.srk.fer.hr>
Date: Mon, 13 Aug 2001 19:34:29 +0200
To: freebsd-security@freebsd.org
Subject: Re: bin user
Message-ID: <20010813193429.Z3889@gnjilux.cc.fer.hr>
References: <000b01c1241d$1feb9970$0d00a8c0@alexus>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.17i
In-Reply-To: <000b01c1241d$1feb9970$0d00a8c0@alexus>; from ml@db.nexgen.com on Mon, Aug 13, 2001 at 01:26:44PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, Aug 13, 2001 at 01:26:44PM -0400, alexus wrote:
> is it safe to allow user bin have shell but with password that no one will
> know?

[snip]
If the only reason to give the bin user a shell is so you can su to this
account, there's no need to assign a password at all. The shadow file entry
illustrates this:
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin

Note the second field is an asterisk, which is an impossible hash (no password
will ever match). So, just assign this user a valid shell, and leave the
password the way it already is.

Best regards,

-- 
Ivan Krstic - ike 
" life is the road beneath my feet, 
  love is the girl I wait to meet, 
  and art is everything I create, 
  rob me of any and I will hate, 
  you, my God, my devil, my fate " 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message