Date: Tue, 1 Apr 1997 22:47:48 -0700 (MST) From: Wes Peters <softweyr@xmission.com> To: adam@cyberhall.com Cc: questions@freebsd.org Subject: Users with no shells Message-ID: <199704020547.WAA00267@obie.softweyr.ml.org> In-Reply-To: <199704020120.TAA00422@cyber1.cyberhall.com> References: <199702061744.RAA145590@smtp-gw01.ny.us.ibm.net> <199704020120.TAA00422@cyber1.cyberhall.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Adam D. Morton writes:
> I have perused many a FAQ without finding much on this topic-- What
> is the best way to create an account with no interactive shell, but
> with the ability to retrieve mail via POP? I created an account with
> the shell given as /nonexistent (the "no" option in adduser), and
> that seems to work fine except that adduser complains about "illegal
> shell" during the check process. Are there any problems with doing
> this this way? Is there a better way to accomplish this?
Use /usr/bin/nologin as the users shell; it won't allow the user to
login. (A well named program, idn't?)
For slightly better control, pick up my nologin replacement program. It
also disallows logins to the account, but will log a message each time a
login attempt is made on a nologin account, so you can trace cracking
attempts. See my web page, mentioned in the sig below, for more info.
A man page for my nologin program is available as well.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.xmission.com/~softweyr softweyr@xmission.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704020547.WAA00267>