[99496] in RedHat Linux List
RE: /bin/false and /etc/shells ( was RE: radius (was: Re: Keeping certain users out....))
daemon@ATHENA.MIT.EDU (Charles Galpin)
Sat Nov 14 23:40:53 1998
Date: Sat, 14 Nov 1998 23:38:07 -0500
From: Charles Galpin <cgalpin@lighthouse-software.com>
To: Ramon Gandia <redhat-list@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
I guess that last sentence was NOT readable then. :)
I was not the one asking about radius, I don't even know what it is. I do
understand everything you have talked about regarding shells and using the
false script (which I have).
My question is simply this. If /bin/false is not currently in /etc/shells,
is this a problem?
/bin/false is not currently in /etc/shells in my system. I'm happy to add
it, but am curious if this is a security hole or something. I would think
not, but you explicitly stated twice that the shell needed to be listed in
/etc/shells to work. On my system /bin/false is not, and I have not ever
tried to login from a pop/ftp-only account (which I probably should and
will).
charles
===== Original Message from Ramon Gandia <redhat-list@redhat.com> at 11/14/98 11:18 pm
>Charles Galpin wrote:
>>
>> Ramon
>>
>> On my vanilla RH5.1 system, /bin/false is not in /etc/shells. Does this mean
>> these accounts can somehow login? It makes sense to me that my own user
>> defined shell would need to be in /etc/shells to work, but I'm not sure of
>> the significance of a shell that you intend to not allow access, not being
>> in /etc/shells.
>>
>> hope that last sentence was readable.
>
>Look in /bin, and see if "false" is there. I.e., /bin/false.
>In my case, /bin/false existed, but was not listed in /etc/shells.
>If you have /bin/false, just add it to /etc/shells.
<snip>
-- Charles Galpin <cgalpin@lighthouse-software.com>