From owner-freebsd-questions Tue Apr 1 21:47:04 1997
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.5/8.8.5) id VAA07733
    for questions-outgoing; Tue, 1 Apr 1997 21:47:04 -0800 (PST)
Received: from obie.softweyr.ml.org ([199.104.124.49])
    by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA07725
    for ; Tue, 1 Apr 1997 21:46:59 -0800 (PST)
Received: (from wes@localhost)
    by obie.softweyr.ml.org (8.7.5/8.6.12) id WAA00267;
    Tue, 1 Apr 1997 22:47:48 -0700 (MST)
Date: Tue, 1 Apr 1997 22:47:48 -0700 (MST)
Message-Id: <199704020547.WAA00267@obie.softweyr.ml.org>
From: Wes Peters
To: adam@cyberhall.com
CC: questions@freebsd.org
Subject: Users with no shells
In-Reply-To: <199704020120.TAA00422@cyber1.cyberhall.com>
References: <199702061744.RAA145590@smtp-gw01.ny.us.ibm.net>
    <199704020120.TAA00422@cyber1.cyberhall.com>
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Adam D. Morton writes:
> I have perused many a FAQ without finding much on this topic-- What
> is the best way to create an account with no interactive shell, but
> with the ability to retrieve mail via POP? I created an account with
> the shell given as /nonexistent (the "no" option in adduser), and
> that seems to work fine except that adduser complains about "illegal
> shell" during the check process. Are there any problems with doing
> this this way? Is there a better way to accomplish this?

Use /usr/bin/nologin as the user's shell; it won't allow the user to
login. (A well named program, idn't?)

For slightly better control, pick up my nologin replacement program.
It also disallows logins to the account, but will log a message each
time a login attempt is made on a nologin account, so you can trace
cracking attempts. See my web page, mentioned in the sig below, for
more info. A man page for my nologin program is available as well.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                      Softweyr LLC
http://www.xmission.com/~softweyr      softweyr@xmission.com
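
A sketch of the kind of logging nologin the reply above describes, added
here as an example; it is not Wes Peters' program or the system's own
nologin. The log wording, the LOG_AUTH facility and the helper name
format_attempt are assumptions made for illustration.

```c
/* Added example: a login "shell" that refuses the session and records
 * the attempt in syslog so probes against no-shell accounts can be traced. */
#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Build the audit line. Non-printable bytes are replaced with '?' so a
 * crafted user or tty string cannot inject extra lines into the log.
 * Returns the line length, or -1 if it does not fit in out. */
int format_attempt(char *out, size_t outlen, const char *user, const char *tty)
{
    int n = snprintf(out, outlen,
                     "login attempt on nologin account: user=%s tty=%s",
                     user ? user : "UNKNOWN", tty ? tty : "UNKNOWN");
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    for (char *p = out; *p; p++)
        if (!isprint((unsigned char)*p))
            *p = '?';
    return n;
}

int main(void)
{
    char line[256];
    /* Identify the account from the real uid, not from $USER or $LOGNAME,
     * which the caller controls. */
    struct passwd *pw = getpwuid(getuid());
    const char *tty = ttyname(STDIN_FILENO);   /* NULL when there is no tty */

    if (format_attempt(line, sizeof line, pw ? pw->pw_name : NULL, tty) < 0)
        strcpy(line, "login attempt on nologin account (details too long)");

    openlog("nologin", LOG_PID, LOG_AUTH);
    syslog(LOG_NOTICE, "%s", line);            /* fixed format string */
    closelog();

    puts("This account is currently not available.");
    return 1;                                  /* non-zero: session refused */
}
```

If a binary like this is installed as an account's shell, listing its path
in /etc/shells affects more than adduser's "illegal shell" check: some
daemons, ftpd among them, use that file to decide whether an account may log in.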