On Thu, 16 Mar 2000, Norbert Nemec wrote: > On Thu, Mar 16, 2000 at 01:01:19AM +0100, Marcus Brinkmann wrote: > > (BTW, it is possible to turn the login shell into a login prompt. Then all > > this does not apply of course). > > Great, that's the piece of information I was waiting for! Actually I do not > know any reason, why the login-shell was introduced at all! Why would you > allow any non-logged in user to execute any command but "login"? Any user > who has an account can simply log in and do whatever he wants to do > afterwards, and people who do not have accounts should not be allowed to do > anything! In case you really need anonymous access, you can simply introduce > a "guest" account on your machine, just as it is done on many Linux machines > already. > > Also: having a real shell running makes playing around with the machine much > more interesting! If you are sitting on a machine with just a login prompt, > it get very boring to just try one username/password pair after the other. > On a prompt, you get at least the impression that there might be some other > intelligent way to crack the system. > > For that reason, my suggestion would be, to drop the whole idea about the > login shell, and by that drop all the effort about the fourth permission set! > (Just think how long it will take, until all the tools are modified to > support that feature!)
I kind of like the idea of a login shell the more I follow this discussion. It's revolutionary. If the machine can be made secure with it, why not? It makes for a more versatile system.
