tag 720581 + moreinfo thanks Ian Bolton wrote: > * What exactly did you do (or not do) that was effective (or > ineffective)? > > ran tiger security tool with nologin in /etc/shells/
The /usr/sbin/nologin program should never be configured in /etc/shells. That would enable it as a valid shell for such services such as ftp that checks if the user's shell exists but does not actually invoke it. It also creates the somewhat humorous possibility of a user changing their shell to the nologin shell creating a hang state that they cannot recover from. I have actually seen this situation appear and happen in real life. > * What was the outcome of this action? > > login package looked for nologin in /sbin/nologin while login > package provides it in /usr/sbin/nologin What were the exact values of the relevant lines from: /etc/passwd /etc/shells I think you must have listed /sbin/nologin in /etc/passwd file instead of /usr/sbin/nologin. The login program looks at whatever program is configured there. Bob
signature.asc
Description: Digital signature
