Dariush Pietrzak wrote:
accounts? Do we risk breaking anything if we perform an
s/\/bin\/sh$/\/bin\/false/ ?
Yes, you'll run into trouble trying to run cronjobs as those system users,
No, cron jobs work just fine. I've got a user named 'mirror' with
/bin/true as shell and it performs FTP mirror and rsync downloads
absolutely fine.
also su user -c command won't work, you'll need to use sudo or suid bit,
and that's a bit messy.
This is true, when I need to su to this user's account (for
troubleshooting, usually), I need to 'chsh -s /bin/bash mirror' first
(and change it back later). However, I only need to do this very seldom.
And I haven't ever needed to su to daemon, bin, sys, games, man, lp,
mail, news, uucp, proxy, postgres, www-data, backup, operator, list,
irc, gnats, nobody, amavis or cyrus. That's the list of user accounts
with shell /bin/sh on my Debian box.
Cheers,
Tobias
