Date: Mon, 4 Feb 2002 13:45:02 -0600 From: "Scott Gerhardt" <scott@gerhardt-it.com> To: "Michael Lucas" <mwlucas@blackhelicopters.org> Cc: "FreeBSD" <freebsd-questions@FreeBSD.ORG> Subject: RE: Shells Question Message-ID: <KPEMLBLEMPMHGLJOCDEGOEHCDMAA.scott@gerhardt-it.com> In-Reply-To: <20020204143851.A37856@blackhelicopters.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I would use login classes instead of shells; that's what they're there > for. To toot my own horn a bit: > > http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html > > On Mon, Feb 04, 2002 at 01:35:09PM -0600, Scott Gerhardt wrote: > > To disallow shell accounts for ftp and pop users etc., > > Is it better to use /sbin/nologin or /nonexistent for a > shell entry in > > /etc/passwd? > > > > "/nonexistent" does not exist > > "/sbin/nologin" exists and actually fires up a shell and returns > > something. > > > > FTP users must have a valid shell but this can be set to anything in > > /etc/shells. > > > > Can't seem to find a definitive answer to this. Thanks Michael, I do use login classes, but I would like to still add the appropriate entry to /etc/passwd just to be on the safe side (I don't manage that many users on my system). I have the following entries in my /etc/login.access. -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL I will add other users/groups to the second entry as needed. - Scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?KPEMLBLEMPMHGLJOCDEGOEHCDMAA.scott>