On May 17, 2005, at 4:32 am, D. Wokan wrote:
I believe you can set their shell to /bin/true and they'll be able to log in, but not get an actual shell.
That's the point, my server is a DataBase Server, I mean, users log in
and run a C++ script and then they work with the database files.. THEY
HAVE TO LOG IN, so there's only few that has access to the bash shell,
because they need it!!!... so, I ask again, there is some tools, command
that help me to monitoring, securing this server??
Is it possible for them to work with this DB using some client app running on another machine? You haven't said much about your situation but perhaps there is another way besides them having shell access to that server.
Erm.. this is usually used to prevent users from logging in - I mean, they can log in, but then /bin/true is called, and that allows no interactivity. The users wouldn't be able to call their C++ script.
I think it would be better to set the users' shell to /path/to/the/c++/app/the/users/require. This would allow them to log in to the server & ONLY use that.
Incidentally, `grep -e true -e false /etc/passwd` suggests the Gentoo standard to be to set shell to `/bin/false` for users who should be denied shell access. I thought `/bin/true` was more "correct". Comments, anyone?
Stroller.
-- gentoo-user@gentoo.org mailing list
