We recently noticed that a stock woody install produces an /etc/passwd in which most, if not all, system users have a valid shell entry of /bin/sh. They're all unable to login due to having no valid password, but best UNIX security practice typically involves giving accounts that don't need to be able to login a shell of /bin/false or /bin/true. Other distros (at least some of them) appear to follow suit.
Is there a reason why Debian chooses to specify /bin/sh for system accounts? Do we risk breaking anything if we perform an s/\/bin\/sh$/\/bin\/false/ ?
Cheers, Tobias
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
