From: Michael Lucas
Date: Mon, 4 Feb 2002 14:50:48 -0500
To: Scott Gerhardt
Cc: FreeBSD
Subject: Re: Shells Question
Message-ID: <20020204145048.A37974@blackhelicopters.org>

Oh, okay. Then I would recommend

/usr/ports/sysutils/no-login

It's an actual C program, so it avoids spawning a new shell.

On Mon, Feb 04, 2002 at 01:45:02PM -0600, Scott Gerhardt wrote:
> > I would use login classes instead of shells; that's what they're there
> > for. To toot my own horn a bit:
> >
> > http://www.onlamp.com/pub/a/bsd/2001/06/28/Big_Scary_Daemons.html
> >
> > On Mon, Feb 04, 2002 at 01:35:09PM -0600, Scott Gerhardt wrote:
> > > To disallow shell accounts for ftp and pop users etc.,
> > > Is it better to use /sbin/nologin or /nonexistent for a shell entry in
> > > /etc/passwd?
> > >
> > > "/nonexistent" does not exist
> > > "/sbin/nologin" exists and actually fires up a shell and returns
> > > something.
> > >
> > > FTP users must have a valid shell but this can be set to anything in
> > > /etc/shells.
> > >
> > > Can't seem to find a definitive answer to this.
>
> Thanks Michael,
>
> I do use login classes, but I would like to still add the appropriate entry
> to /etc/passwd just to be on the safe side (I don't manage that many users
> on my system). I have the following entries in my /etc/login.access.
>
> -:ALL EXCEPT wheel:console
> -:ALL EXCEPT wheel:ALL
>
> I will add other users/groups to the second entry as needed.
>
> - Scott

-- 
Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

http://www.blackhelicopters.org/~mwlucas/
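
Added example, not part of the original thread: a small audit that sorts each account's passwd shell entry into the cases discussed above (a listed real shell, a listed no-login program, or something like /nonexistent that is not in the shells list). The function names, status labels, sample accounts and the no-login install path are assumptions made for this illustration, as is treating any program whose basename is `nologin` or `no-login` as giving no shell.

```shell
#!/bin/sh
# audit_shells PASSWD_FILE SHELLS_FILE -> prints "user:shell:status", status being:
#   interactive       listed in the shells file, a real shell
#   nologin-listed    no-login program that is listed (FTP accepted, no shell)
#   nologin-unlisted  no-login program that is not listed
#   unlisted          anything else not listed, e.g. /nonexistent
# Assumption: a program whose basename is nologin or no-login gives no shell.
audit_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the shells(5) list, ignoring comments and blank lines.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") listed[line] = 1
            }
            close(shells)
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed entries
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            base = shell; sub(/.*\//, "", base)
            nologin = (base == "nologin" || base == "no-login")
            if (shell in listed) status = nologin ? "nologin-listed" : "interactive"
            else                 status = nologin ? "nologin-unlisted" : "unlisted"
            print $1 ":" shell ":" status
        }
    ' "$1"
}

# Constructed sample data (not from the thread).
make_sample() {
    cat > "$1/shells" <<'EOF'
# constructed shells(5) list
/bin/sh
/bin/csh
/sbin/nologin
EOF
    cat > "$1/passwd" <<'EOF'
# constructed accounts; the no-login install path is hypothetical
admin:*:1001:0:Admin:/home/admin:/bin/csh
ftpuser:*:1002:1002:FTP only:/home/ftpuser:/sbin/nologin
popuser:*:1003:1003:POP only:/nonexistent:/nonexistent
mailuser:*:1004:1004:Mail only:/nonexistent:/usr/local/sbin/no-login
EOF
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_shells "$tmp/passwd" "$tmp/shells"
rm -r "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shells; accounts reported as `interactive` that are meant to be FTP- or POP-only are the ones to review.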