Horst wrote:

> 1) Talking about nobody -- what should be his/her shell ?
> My distro decided on /bin/sh whereas some system accounts are assigned
> to /bin/false (or true), neither giving them much power.
> I guess I could try and wait until some application using nobody
> breaks... but maybe you folks wanna spoil that sort of learning experience???

/bin/false is good. /bin/sh is less good. *Maybe*, due to an error in
administration, it would be possible for an attacker to start nobody's
login shell through ssh, rlogin, or something, without having to give a
password. If that happened, you'd rather nobody had a useless shell.

There aren't supposed to be any ways to start a shell without a password,
but there aren't supposed to be any security holes at all. (-:

> 2) What is the recommended entry for the 2nd field (password
> indicator) for users that can't log in (like my proxy for root mail) ?
> My guess is 'x' in passwd and '!!' in shadow -- whereas Mandrake's
> utilities decided on '*' in passwd and didn't make an entry in shadow(!?)

If you're using shadow passwords, the password field in /etc/passwd is
not used. Put an 'x' or a '*' or your mother's maiden name in -- it
doesn't matter.

I'm surprised that there's no entry in /etc/shadow. md5 passwords are
34 bytes long, so any string shorter than 34 characters is guaranteed
not to match any password.

> 3) HowTo? Normally I use the general tools useradd, usermod and not some
> distro-specific tools -- any comments? (other than manually editing the
> files in /etc/ -which I used to do in the past)

Using generic tools is good -- it makes it easier to switch distributions.

-- 
Bob Miller K<bob>
kbobsoft software consulting
http://kbobsoft.com [EMAIL PROTECTED]
_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
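An added example, not part of the original message: a small audit of the two points discussed above, a useless shell for accounts like nobody and a password field that cannot match. The file contents are constructed, the names `audit` and `password_state` are hypothetical, and the sketch assumes MD5-crypt hashes as in the message and falls back to the passwd field when shadow has no entry.

```python
# Added example: audit accounts that must never log in (constructed data).
NOLOGIN_SHELLS = {"/bin/false", "/bin/true", "/sbin/nologin", "/usr/sbin/nologin"}
MD5_CRYPT_LEN = 34  # "$1$" + 8-char salt + "$" + 22-char digest

# Constructed sample file contents, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/bin/sh
daemon:x:2:2:daemon:/sbin:/bin/false
rootmail:*:501:501:root mail proxy:/home/rootmail:/bin/false
horst:x:1000:1000:Horst:/home/horst:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$abcdefgh$0123456789abcdefghijkl:12000:0:99999:7:::
nobody::12000:0:99999:7:::
daemon:*:12000:0:99999:7:::
horst:$1$hgfedcba$lkjihgfedcba9876543210:12000:0:99999:7:::
"""


def password_state(field):
    """Classify a password field as 'empty', 'locked' or 'hash'."""
    if field == "":
        return "empty"  # an empty field means no password is required
    if field[0] in "!*" or len(field) < MD5_CRYPT_LEN:
        return "locked"  # '!'/'*' prefix or too short to be an MD5-crypt hash
    return "hash"


def audit(passwd_text, shadow_text, no_login):
    """Return (account, problem) pairs for accounts listed in no_login."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or parts[0] not in no_login:
            continue
        name, pw_field, shell = parts[0], parts[1], parts[6]
        if shell not in NOLOGIN_SHELLS:
            findings.append((name, "shell " + shell))
        # Assumption: with no shadow entry, the passwd field is what counts.
        state = password_state(shadow.get(name, pw_field))
        if state != "locked":
            findings.append((name, "password " + state))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, {"nobody", "daemon", "rootmail"}):
        print(name, problem)
```

The empty shadow field for nobody in the sample is the case the length argument does not cover: it is shorter than 34 characters, yet it means no password is required rather than no password can match.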
