From owner-freebsd-questions  Mon Feb  4 11:44:55 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from indigo.quadrant.net (indigo.quadrant.net [207.195.92.9])
	by hub.freebsd.org (Postfix) with ESMTP id 90A7137B422
	for <freebsd-questions@FreeBSD.ORG>; Mon,  4 Feb 2002 11:44:46 -0800 (PST)
Received: from git2000 (gw.gerhardt-it.com [204.83.38.103])
	by indigo.quadrant.net (8.9.1/8.9.1) with SMTP id NAA11191;
	Mon, 4 Feb 2002 13:44:43 -0600 (CST)
From: "Scott Gerhardt" <scott@gerhardt-it.com>
To: "Michael Lucas" <mwlucas@blackhelicopters.org>
Cc: "FreeBSD" <freebsd-questions@FreeBSD.ORG>
Subject: RE: Shells Question
Date: Mon, 4 Feb 2002 13:45:02 -0600
Message-ID: <KPEMLBLEMPMHGLJOCDEGOEHCDMAA.scott@gerhardt-it.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <20020204143851.A37856@blackhelicopters.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG




   > I would use login classes instead of shells; that's what they're there
   > for.  To toot my own horn a bit:
   >
   > http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
   >
   > On Mon, Feb 04, 2002 at 01:35:09PM -0600, Scott Gerhardt wrote:
   > > To disallow shell accounts for ftp and pop users etc.,
   > > Is it better to use /sbin/nologin or /nonexistent for a
   > shell entry in
   > > /etc/passwd?
   > >
   > > "/nonexistent" does not exist
   > > "/sbin/nologin"  exists and actually fires up a shell and returns
   > > something.
   > >
   > > FTP users must have a valid shell but this can be set to anything in
   > > /etc/shells.
   > >
   > > Can't seem to find a definitive answer to this.

Thanks Michael,

I do use login classes, but I would like to still add the appropriate entry
to /etc/passwd just to be on the safe side (I don't manage that many users
on my system).  I have the following entries in my /etc/login.access.

-:ALL EXCEPT wheel:console
-:ALL EXCEPT wheel:ALL

I will add other users/groups to the second entry as needed.


	- Scott


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message