Date: Thu, 25 Oct 2001 12:38:58 +1000 From: Edwin Groothuis <edwin@mavetju.org> To: BSD Freak <bsd-freak@mbox.com.au> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Which way is better to deny shell access Message-ID: <20011025123858.I552@k7.mavetju.org> In-Reply-To: <18f1ed818ec2ec.18ec2ec18f1ed8@mbox.com.au>; from bsd-freak@mbox.com.au on Thu, Oct 25, 2001 at 12:20:16PM %2B1000 References: <18f1ed818ec2ec.18ec2ec18f1ed8@mbox.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 25, 2001 at 12:20:16PM +1000, BSD Freak wrote: > Just wondering.... we have a whole heap of pop3 users... we deny them > shell access by assigning their shell as /sbin/nologin ( the same shell > as many of the system accounts)... however I noticed if I use the > adduser utility to create a user with no shell, it assigns /nonexistent > as their shell...... Which is better? /sbin/nologin tells the user that there isn't a valid shell, after logging in. /nonexistent will prevent logging in because the shell doesn't exist. I think the second is better because it will not tell the user (intruder, password guesser) that the password was correct. Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: ------------------+ http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011025123858.I552>