Date: Sat, 15 Jan 2000 17:33:50 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: danh@wzrd.com (Dan Harnett) Cc: ncb@zip.com.au (Nicholas Brawn), freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <200001152233.RAA53004@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <20000114034446.6B2CA5D01E@mail.wzrd.com> from Dan Harnett at "Jan 13, 2000 10:44:46 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Dan Harnett wrote,
> Hello,
>
> You could also set this particular user's shell to /sbin/nologin and make the
> others use the -m option to su.
But if you do this, remember,
-m Leave the environment unmodified. The invoked shell is your lo-
gin shell, and no directory changes are made. As a security pre-
caution, if the target user's shell is a non-standard shell (as
defined by getusershell(3)) and the caller's real uid is non-ze-
ro, su will fail.
You have to add '/sbin/nologin' to /etc/shells.
--
Crist J. Clark cjclark@home.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001152233.RAA53004>