On 8 May 2006, Marc Haber outgrape:
> On Fri, 05 May 2006 11:12:35 +0300, Jari Aalto
> <[EMAIL PROTECTED]>
> wrote:
>> Richard A Nelson <[EMAIL PROTECTED]> writes:
>>> On Wed, 3 May 2006, Colin Watson wrote:
>>> The rest of the system accounts are happily running with
>>> /bin/false
>>
>> There is now /bin/nologin which is more secure
>
> You can surely explain why /bin/nologin is more secure than
> /bin/false. I'm eager to learn.
Since /bin/nologin is used in very specific circumstances, I
can create far tighter security policy and auditing rules for use
with /bin/nologin. /bin/false is used legitimately in scripts, so the
audit trail is diffused, and /dev/null can't be restricted/audited to
the same extent that either /bin/false or /bin/nologin can.
manoj
--
"The only difference between me and a madman is that I'm not mad."
Salvador Dali
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
