From owner-freebsd-questions@FreeBSD.ORG Sat Jul 19 11:53:24 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 75F1A37B401 for ; Sat, 19 Jul 2003 11:53:24 -0700 (PDT) Received: from donburi.lanfearhome.com (12-228-27-123.client.attbi.com [12.228.27.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 116E543FBF for ; Sat, 19 Jul 2003 11:53:24 -0700 (PDT) (envelope-from mw@lanfear.com) Received: from localhost (localhost [127.0.0.1]) by donburi.lanfearhome.com (Postfix) with ESMTP id 431FE2E9AF for ; Sat, 19 Jul 2003 10:54:28 -0700 (PDT) From: Mark To: freebsd-questions@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 19 Jul 2003 10:54:28 -0700 Message-Id: <1058637268.1308.0.camel@donburi> Mime-Version: 1.0 Subject: Security of adding users for "accounts" ?? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jul 2003 18:53:24 -0000 hey! i hope this isn't too silly a question, but one of the really easy ways we've found to manage "accounts" for customers is to just go and create actual unix accounts for them on our FreeBSD boxes, which helps us organise everything from directories to where programs look for their info, etc ... now, to keep things "safer", we always deny the accounts shell access by setting the shell field in /etc/passwd to /sbin/nologin but .... we're still wondering if there are any security implications to consider from doing this, and if there are any other, perhaps better ways to manage non-trivial numbers of customer accounts ... we're only in the dozens now, but it may get into the hundreds in the future. thanks! mark.