On Wednesday 27 June 2001 19:07, [EMAIL PROTECTED] wrote:
>
> And if I'm not mistaken, if they are somehow now able to execute the
> chsh command, then they have a valid shell account they can log in
> to. :-(
>
> While they shouldn't be able to run chsh, or the equivalent, putting
> their shell in /etc/shells puts them that much closer to an account.

Yep, but "false" (or "true") is NOT a shell. So they won't be able to execute chsh and change their login shell to a real one.

Moreover, I think it's a good idea to disable ftp for people with a "real" valid shell (i.e. only include pseudo shells in /etc/shells), as it isn't a secure protocol.

JM

