Date: 21 Jul 2003 17:03:56 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com> To: Mark <mw@lanfear.com> Cc: freebsd-questions@freebsd.org Subject: Re: Security of adding users for "accounts" ?? Message-ID: <44n0f7iocj.fsf@be-well.ilk.org> In-Reply-To: <1058637268.1308.0.camel@donburi> References: <1058637268.1308.0.camel@donburi>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark <mw@lanfear.com> writes: > i hope this isn't too silly a question, but one of the really easy > ways we've found to manage "accounts" for customers is to just go and > create actual unix accounts for them on our FreeBSD boxes, which helps > us organise everything from directories to where programs look for > their info, etc ... > > now, to keep things "safer", we always deny the accounts shell > access by setting the shell field in /etc/passwd to /sbin/nologin > > > but .... > > > we're still wondering if there are any security implications to > consider from doing this, and if there are any other, perhaps better > ways to manage non-trivial numbers of customer accounts ... we're > only in the dozens now, but it may get into the hundreds in the > future. There's an ISP list that would probably cover this better, but my answer would be that it depends on what you want to *permit* these users to do. If there are several functions they need to access, then giving them real accounts is probably the best way. If all you want is to give them FTP access (for example), though, then you might do better by finding an FTP daemon that supports its own idea of a user database.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44n0f7iocj.fsf>