From owner-freebsd-questions Tue Nov 2 1: 1:39 1999 Delivered-To: freebsd-questions@freebsd.org Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175]) by hub.freebsd.org (Postfix) with ESMTP id F20FC14CEA for ; Tue, 2 Nov 1999 01:01:29 -0800 (PST) (envelope-from sheldonh@axl.noc.iafrica.com) Received: from sheldonh (helo=axl.noc.iafrica.com) by axl.noc.iafrica.com with local-esmtp (Exim 3.040 #1) id 11iZof-0000zh-00; Tue, 02 Nov 1999 11:01:21 +0200 From: Sheldon Hearn To: John Cc: freebsd-questions@FreeBSD.ORG Subject: Re: /nonexistent vs. /sbin/nologin In-reply-to: Your message of "Mon, 01 Nov 1999 23:45:13 EST." <4.1.19991101232918.00943730@mail.udel.edu> Date: Tue, 02 Nov 1999 11:01:21 +0200 Message-ID: <3824.941533281@axl.noc.iafrica.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 01 Nov 1999 23:45:13 EST, John wrote: > When i went into vipw though, I noticed that both "/nonexistent" and > "/sbin/nologin" exist. What is the difference between those? And > also, which is considered more secure? There's no difference in terms of security. The /sbin/nologin method prints out a friendly "piss off" message, while /nonexistent does not. However, /nonexistent will work on most non-FreeBSD platforms, which makes supposedly makes migrating passwd files easier. Personally, I think that's a pretty lame motivation. While it's mostly religious, your end-users will certainly appreciate /sbin/nologin more. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message