On Monday 15 December 2003 14:56, cpace@tampabay.rr.com wrote:
> When you say "work in a pinch" does that imply that there would
> be a better way? If so I would definitely be interested in
One issue is that traditionally /bin/false is a shell script,
usually using /bin/true. A cracker could break out of the shell,
causing a security problem. The /bin/false that comes with Linux is
a GNU compiled binary, and doesn't quite have that same security
concern. I got the impression from reading the man page of RedHat's
/sbin/nologin was that it was meant to disable an individual user
from logging in and is a separate program from /sbin/login, while
Slackware's /bin/login can use a config file /etc/nologin to
prevent *everyone* but root from logging in, in effect a general
"nologin". That may not be what you want (or it might?)...
I never knew there was a difference between the distros until you
asked! So the moral is to always study those man pages. From what I
can tell, there's no difference in using either one for a fake
shell for an account, other than the difference in binaries
supplied with a particular distro. But YMMV if you sit down to a
non-Linux Unix to do the same thing.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:41:37 EDT