Hi.
I have some accounts that don't require home directories or shells.
In the past I used ftpd for web uploading and would do the
shell==false thing and chroot them and set the login directory via the
passwd file.
Bye bye ftpd, hello sshd.
So I'm looking at this again, using the sshd's internal sftp and
chroot directives on a per user basis. For now I'm looking at using
password authentication.
Here's the nervous administrator talking but is this correct ...
If these users connect via ssh, sshd will authenticate them via their
password entry and once that's achieved, the "home" directory will be
according to sshd_config and the "shell" will be whatever interface
sftp provides.
In other words, for that purpose the home and shell directives in
master.passwd will never come into play.
If that is correct, should I care about what the entries are in master.passwd?
Is blank okay?
Presumably I could set up shell==false but is a blank entry as good here?
I notice that there are a couple of items in master.passwd that seem
to fit the bill for this - UID 32767 ("nobody") has directory set to
/nonexistent and it and many others have shell set to /sbin/nologin
...
I think I get the purpose of nologin and it can be used to disable
accounts as needed.
If users are connecting via sshd for sftp purposes only will setting
/sbin/nologin or any other shell affect them at all?
Is nonexistent a key word? I've been stumbling through source but I'm
very out of my depth. Is it merely a good English word that points to
any non-existent directory?
A hundred other questions ...
TIA
Best wishes.
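
Added example, not part of the original post: a minimal sshd_config fragment for the per-user internal-sftp plus chroot setup with password authentication that the post describes. The account name `webupload1` and the `/var/sftp` path are assumptions made for illustration.

```conf
# Use the in-process SFTP server, so no external sftp-server binary is needed.
Subsystem sftp internal-sftp

# Per-user block; "webupload1" is a hypothetical upload-only account.
Match User webupload1
    # %u expands to the user name. Per sshd_config(5), every component of
    # this path must be owned by root and not writable by any other user
    # or group, so uploads go into a user-owned subdirectory beneath it.
    ChrootDirectory /var/sftp/%u

    # Force the in-process SFTP server regardless of what the client asks
    # to run. Per sshd_config(5), internal-sftp requires no support files
    # when used with ChrootDirectory.
    ForceCommand internal-sftp

    # Password authentication, as in the post.
    PasswordAuthentication yes

    # The account is for file transfer only: no terminal, no forwarding.
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

    # sshd_config(5) also documents that, after the chroot, sshd changes
    # the working directory to the user's home directory from the passwd
    # entry, so that field is resolved relative to the chroot.
```

Running `sshd -t` checks the edited file for syntax errors before the daemon is reloaded.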