On 20/12/02 22:52 +0100, Christian Hammers wrote:
<snip>
> I'm wondering why I would want that - until now nobody could give me a
> good argument although everybody learns to remove the shells :-(
> 
> * If I give my users a disabled password, they cannot login via passwd
>   based ssh/ftp/pop3 etc.
Keys. ssh-keygen.

> * But, on the other hand, I can have a 
>       su news -c /usr/local/script_running_as_user_news.sh
su - news -s /bin/sh -c "/path/to/script taking arguments"

> Any hints?
Administrators have to close all holes, crackers need just one.
Why leave something that might be misused?
After all, hardening a box involves restricting what can be done by what
users.

Devdas Bhagat
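
An added example, not part of the original message: a shell audit for the case discussed above, accounts whose password is disabled but which keep a login shell and so may still be reachable with ssh keys. The passwd and shadow lines are constructed sample data, and the function name `audit_locked_with_shell` is hypothetical.

```shell
#!/bin/sh
# Added example: report accounts with a locked/disabled password that still
# have a usable login shell. Input files use passwd(5) and shadow(5) format.

# audit_locked_with_shell PASSWD_FILE SHADOW_FILE   (hypothetical helper)
# Prints one account name per line, in passwd order.
audit_locked_with_shell() {
    awk -F: '
        # First file (shadow format): field 2 starting with ! or * means
        # no password can match, i.e. password login is disabled.
        NR == FNR {
            if ($2 ~ /^[!*]/) locked[$1] = 1
            next
        }
        # Second file (passwd format): field 7 is the login shell.
        ($1 in locked) {
            shell = $7
            if (shell == "") shell = "/bin/sh"        # empty field means /bin/sh
            if (shell ~ /\/(nologin|false)$/) next    # shell already removed
            print $1
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from any real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
news:x:9:9:news:/var/spool/news:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

cat > "$sample_dir/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
news:*:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
alice:!$6$constructed$hash:19000:0:99999:7:::
EOF

# Prints "news" and "alice": disabled password, but a real shell remains.
audit_locked_with_shell "$sample_dir/passwd" "$sample_dir/shadow"
```

On a real host the arguments would be /etc/passwd and /etc/shadow, read as root.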