On Sat, Aug 04, 2001 at 04:28:51PM +0000, pop corn wrote:
[snip]
> >/bin/false is a very silly idea. /nonexistent is much better.
>
> Hi Peter,
>
> This is a post that I pulled out from the archives. I think /nonexistent
> does seem better than /bin/false.
It is. /nonexistent has no security issues. /bin/false does. Check the
bugtraq archives for details.
> I would like to ask one question to clarify what is probably very obvious,
> but I want to be certain of this.
>
> Is the directory /nonexistent supposed to be created or not? In other words,
> do you want the directory not to be created so that the login fails due to
> "missing home directory", or do you want the directory to be created, but
> empty?
/nonexistent should not exist at all. Therefore, do not create the
directory.
'missing home directory' has nothing to with this - we're specifying
/nonexistent for the shell, not the homedirectory.
Greetz, Peter
--
Against Free Sex! http://www.dataloss.nl/Megahard_en.html
