From owner-freebsd-security Sat May 23 18:32:02 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id SAA06039
        for freebsd-security-outgoing; Sat, 23 May 1998 18:32:02 -0700 (PDT)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from www.communique.no (www.communique.no [193.212.204.33])
        by hub.freebsd.org (8.8.8/8.8.8) with SMTP id SAA06000
        for ; Sat, 23 May 1998 18:31:54 -0700 (PDT)
        (envelope-from are@communique.no)
Received: (qmail 2987 invoked by uid 1001); 23 May 1998 23:50:39 -0000
Date: Sun, 24 May 1998 01:50:39 +0200 (CEST)
From: Are Bryne
X-Sender: are@rune.communique.no
To: Mike Smith
cc: freebsd-security@FreeBSD.ORG
Subject: Re: SKey and locked account
In-Reply-To: <199805231710.KAA01275@antipodes.cdrom.com>
Message-ID:
Organization: Communique DA
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Sat, 23 May 1998, Mike Smith wrote:

> No, they don't. Administrative accounts disallow normal logins.
> Having an invalid shell would prevent non-normal logins.

I am not sure I understand you here...

> Having an invalid shell would prevent non-normal logins.
>
> It would (perhaps) be worthwhile adding some verbiage to the
> description of the shell field to make it clearer that setting it to
> refer to /sbin/nologin is the preferred technique for preventing a user
> having any access to the system. The current text assumes that the
> reader already possesses this knowledge.

Then perhaps the default /nonexistent 'shell' for various password file
entries should be changed also?

Regards,
Are Bryne

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
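
An added example, not part of the original message and not FreeBSD's own code: a small sh function that audits the shell field of passwd(5)-format entries, telling apart /sbin/nologin, shells that do not exist (such as /nonexistent), and real login shells. The sample entries are constructed, and the names `audit_shells`, `sample_passwd` and the optional ROOT prefix argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: classify the shell field of 7-field passwd(5) entries.
# Usage: audit_shells [ROOT] < passwd-file
# ROOT is an optional directory prefix (hypothetical parameter) so that a
# mounted image or a test tree can be checked instead of the live system.
audit_shells() {
    root=${1:-}
    # IFS=: keeps empty fields; the unused variables only consume columns.
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        if [ -z "$shell" ]; then
            class=default-sh              # empty field means /bin/sh
        elif [ "$shell" = /sbin/nologin ]; then
            class=nologin                 # explicit "no access" shell
        elif [ -x "$root$shell" ] && [ ! -d "$root$shell" ]; then
            class=login-shell             # an executable that exists
        else
            class=invalid-shell           # e.g. /nonexistent
        fi
        printf '%s:%s:%s\n' "$user" "$shell" "$class"
    done
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
# constructed sample data
root:*:0:0:Superuser:/root:/bin/sh
daemon:*:1:1:System processes:/root:/nonexistent
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/sbin/nologin
guest:*:1001:1001:Guest:/home/guest:
EOF
}

# Demo run against the live filesystem root.
sample_passwd | audit_shells
```

Entries reported as `invalid-shell` or `default-sh` are the ones to review when deciding which accounts should be moved to /sbin/nologin.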