En réponse à Christian Hammers <[EMAIL PROTECTED]>:
> Apart from the ftp users which (sometimes) need their ftp password to > be stored in /etc/shadow and thus would making it a valid login > password > to, I can see no reason why not giving a user, that has *no* password, > a shell. ok, but we can see that at the opposite, if a user don t need a shell, why should we give him one? and perhaps am i too "stiff" (excuse me for my english :p) but i thing a linux distribution like the debian must be "coherent" : why www-data and mail have got a shell and not mysql??? it s just a principle for me :D > Without a password in /etc/shadow or /etc/passwd he could not login > and > if someone cracks the server with i.e. a buffer overflow he does not > depend on the passwd entries but executes /bin/bash directly. ok, that s right. > On the other hand when executing "su -c daemonxy cronscriptxy" from > your crontab or similar than you need a valid shell because the shell > relies on it when executing child programs. ok > BTW: for ftp and pop3 users I could imagine /bin/passwd beeing a nice > shell > because it would allow the users to change their password via ssh. thanks for this advice, and for all the rest ;D ----- Ivan R. sysadmin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
