It's probably more secure to set their shell to something that does exist but won't function as a shell, like /dev/null or /bin/false. That way you don't leave a hole where someone could create the non-existent program that the user points to and voila - instant access.
-- Rick Genter Sr. Software Engineer Silverlink Communications <mailto:[EMAIL PROTECTED]> (781) 272-3080 x242 This e-mail, including attachments, may include confidential and/or proprietary information, and may only be used by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Jaffe Sent: Tuesday, February 03, 2004 3:26 PM To: [EMAIL PROTECTED] Subject: RE: CVS security question You can prevent a user from logging in by setting the shell variable in the /etc/password file to a nonexistent shell. This will allow authorization, but not allow login. -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of Pankaj Garg > Sent: Tuesday, February 03, 2004 10:59 AM > To: [EMAIL PROTECTED] > Subject: CVS security question > > To use SSH i > need to make shell accounts for those two users. Now because > these two users > have shell account and have write access to my repository, they can > essentially login in my CVS server box and do an rm -fR on my whole > repository. Is there a way to prevent this? ========================================= Mark Jaffe | (408) 972-9638 (home) Chief Wizard | (408) 807-2093 (cell) Computer Wizards | (425) 795-6421 (FAX) _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
