On Oct 16, 2003, at 3:07 am, Jim wrote:
These users that get created don't have passwords. Can they log in?
For instance, if someone tries to log in as proftp and leaves the password
blank, they are rejected, fill in anything, rejected.
On my system: $ grep ftp /etc/passwd ftp:x:21:21::/home/ftp:/bin/false proftpd:x:1002:408::/home/ftp:/bin/false
The last field is the program that the login attempts to run when a user successfully attempts a shell login. Any real user will have a real & usable shell. This is a default installation - I think yours will be the same.
However, on Oct 14, 2003, at 8:45 pm, Andrew Farmer wrote:
Try 'ssh -t host /bin/sh'. It'll give you a login shell (with /bin/sh) even
if your $SHELL is set to something like /bin/false.
In short, there's really no way (that I know of, at least) to keep a user
from getting a login shell as long as they have an account.
I'm not sure how this affects these accounts - I would have thought the intention was that they should never be able to login. Presumably their security depends on them not having a known password set.
Stroller.
-- [EMAIL PROTECTED] mailing list
