On Mon, May 08, 2006 at 09:04:35AM +0200, Marc Haber wrote:
> On Fri, 05 May 2006 11:12:35 +0300, Jari Aalto <[EMAIL PROTECTED]>
> wrote:
> >Richard A Nelson <[EMAIL PROTECTED]> writes:
> >> On Wed, 3 May 2006, Colin Watson wrote:
> >> The rest of the system accounts are happily running with /bin/false
> >
> >There is now /bin/nologin which is more secure
>
> You can surely explain why /bin/nologin is more secure than
> /bin/false. I'm eager to learn.

Not "more secure" but it definitely provides some accountability (i.e. log traces) in case those accounts get used. At least by those services that might spawn a shell, that is.

Use of /dev/null or /bin/false will not get logged so you might not be able to detect (through a logchecker tool such as logcheck) suspicious activity.

Regards

Javier
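
Added example, not part of the original thread: a small audit that sorts system accounts by whether their shell would leave a log trace, using the distinction drawn in the reply above (nologin logs, /bin/false and /dev/null do not). The function names, the UID threshold of 1000 and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify system accounts in passwd(5)-format input by login shell.
# Classes follow the reply above: "logged" for nologin, "silent" for
# /bin/false and /dev/null. Anything else is flagged for review.

audit_shells() {
    # stdin: passwd(5) lines; $1: first non-system UID (assumed 1000)
    # stdout: "<class> <user> <shell>" for each system account
    awk -F: -v max_uid="${1:-1000}" '
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        NF < 7 { print "malformed " $1 " -"; next }
        $3 + 0 >= max_uid || $3 + 0 == 0 { next }  # regular users, root
        {
            shell = $7
            if (shell == "")
                class = "default-shell"            # empty field means /bin/sh
            else if (shell ~ /\/nologin$/)
                class = "logged"
            else if (shell == "/bin/false" || shell == "/usr/bin/false" ||
                     shell == "/dev/null")
                class = "silent"
            else
                class = "interactive"
            print class, $1, (shell == "" ? "-" : shell)
        }'
}

# Constructed sample input, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/bin/false
backup:x:34:34:backup:/var/backups:/bin/sh
ftp:x:107:65534::/srv/ftp:/dev/null
sync:x:4:65534:sync:/bin:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_shells
```

On a live host, `getent passwd | audit_shells` runs the same check against the real account database.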